
Google Releases Security Update for Chrome



Summary

The security update addresses three high severity vulnerabilities, one of which is being actively exploited in the wild.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Google has released a security update to address three high severity vulnerabilities.


Vulnerability details

  • CVE-2023-5217 - CWE-122 - Heap-based Buffer Overflow

This is a heap buffer overflow vulnerability in VP8 encoding in libvpx. A CVSS v3 base score of 8.8 has been calculated.

  • CVE-2023-5186 - CWE-416 - Use After Free

This is a use-after-free vulnerability in Passwords. A CVSS v3 base score of 9.8 has been calculated.

  • CVE-2023-5187 - CWE-416 - Use After Free

This is a use-after-free vulnerability in Extensions. A CVSS v3 base score of 9.8 has been calculated.

Exploitation of CVE-2023-5217

Google is aware that an exploit for CVE-2023-5217 exists in the wild.


Remediation advice

Affected organisations are encouraged to review the Chrome Release and update to the latest release.



Last edited: 28 September 2023 4:35 pm