Extent of The Risk: Widespread Effect of the Vulnerability

Although Google has yet to release comprehensive details about the vulnerability or the exploit chain, it has confirmed that the vulnerability could be exploited using a specially devised HTML page and VP8 media stream. The vulnerability is a heap buffer overflow issue involving VP8 encoding in libvpx, an open source video codec library linked to the WebM Project.

A three-week deadline, until October 23, has been set for applying the necessary remediation. This Google Chrome bug is considered a "significant risk to the federal enterprise," posing a substantial threat to agencies within the Federal Civilian Executive Branch (FCEB).

CVSS scores are mapped to different severity ratings: None: 0.0, Low: 0.1 – 3.9, Medium: 4.0 – 6.9, High: 7.0 – 8.9, and Critical: 9.0 – 10.0. The bug, identified as CVE-2023-5217, was patched by Google last week, with a severity rating of 8.8 on the CVSS v3 scale. CVSS stands for Common Vulnerability Scoring System, which is a free and open industry standard for assessing the severity of computer system security vulnerabilities.

The U.S.'s Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the new zero-day vulnerability in Google Chrome and formalized it in its Known Exploited Vulnerabilities (KEV) Catalog.