A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day

by
Dan Goodin
from Ars Technica - All content on (#6F5CA)
exploit-800x534.jpg

Enlarge (credit: Getty Images)

On Wednesday, Google reported that a critical zero-day vulnerability in its Chrome browser is opening the Internet to a new chapter of Groundhog Day.

Like a critical zero-day Google disclosed on September 11, the new exploited vulnerability doesn't affect just Chrome. Already, Mozilla has said that its Firefox browser is vulnerable to the same bug, which is tracked as CVE-2023-5217. And just like CVE-2023-4863 from 17 days ago, the new one resides in a widely used code library for processing media files, specifically those in the VP8 format.

Pages here and here list hundreds of packages for Ubuntu and Debian alone that rely on the library known as libvpx. Most browsers use it, and the list of software or vendors supporting it reads like a who's who of the Internet, including Skype, Adobe, VLC, and Android.

Read 7 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments