Newsnews
Cybersecurity News

Google Quickly Fixes Zero-Day Exploited By Spyware Vendor

Written by: Lucky Stith | Published: 29 September 2023 | Modified: 1 December 2023
google-quickly-fixes-zero-day-exploited-by-spyware-vendor
Cybersecurity

Google has taken swift action to fix a zero-day vulnerability in its Chrome browser that was being exploited by a commercial spyware vendor. The vulnerability, known as CVE-2023-5217, was reported to Google’s Chrome team by Clement Lecigne of the Threat Analysis Group just two days before the patch was released. Google confirmed that the exploit was being used in the wild.

Key Takeaway

A zero-day vulnerability in Google Chrome, exploited by a commercial spyware vendor, has been promptly patched by Google. The vulnerability allowed the installation of malicious software and its specific details remain undisclosed.

Details of the Zero-Day Exploit

The zero-day vulnerability, described as a “heap buffer overflow in vp8 encoding in libvpx,” allowed the spyware vendor to install malicious software on victims’ systems. The specific details of the attacks exploiting the vulnerability were not disclosed in Google’s advisory. The company stated that access to bug details and links would be restricted until a majority of users had updated with the fix.

Rollout of the Patch

The vulnerability has been fixed in the latest version of Google Chrome, version 117.0.5938.132. The patch is currently being rolled out to Windows, Mac, and Linux users in the Stable Desktop channel.

Previous Zero-Day Exploits

This emergency patch for Google Chrome comes shortly after Google fixed another zero-day vulnerability, which was initially misidentified as a Chrome vulnerability but was later assigned to the open-source libwebp library. This vulnerability affected popular apps such as 1Password, Firefox, Microsoft Edge, Safari, and Signal. Additionally, Apple recently patched three zero-days that were used to exploit an Egyptian presidential candidate’s phone with the Predator spyware developed by Cytrox, another commercial spyware vendor.

Google’s swift action in fixing these vulnerabilities demonstrates their commitment to user security and highlights the continuous cat-and-mouse game between cybercriminals and technology companies. It also emphasizes the importance of regularly updating software to ensure protection against the latest threats.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Related Posts

Microsoft Remains Silent On Exploitation Of Zero-Day Vulnerabilities
News

Microsoft Remains Silent On Exploitation Of Zero-Day Vulnerabilities

by Joscelin Harder | 5 October 2023
Apple Releases Security Updates To Fix Actively Exploited Zero-Day Vulnerabilities
News

Apple Releases Security Updates To Fix Actively Exploited Zero-Day Vulnerabilities

by Raye Loving | 2 December 2023
New Apple Security Updates Patch Zero-Day Vulnerabilities
News

New Apple Security Updates Patch Zero-Day Vulnerabilities

by Dode Roden | 23 September 2023
Government Hackers Exploit IPhone Vulnerabilities With Spyware, Google Reveals
News

Government Hackers Exploit IPhone Vulnerabilities With Spyware, Google Reveals

by Lorri Hinman | 6 February 2024
What Is The Correct Definition Of A Cybersecurity Exploit?
TECHNOLOGY

What Is The Correct Definition Of A Cybersecurity Exploit?

by Devora Gorski | 12 September 2023
Apple Addresses Zero-Day Exploits Used In Pegasus Spyware Attack
News

Apple Addresses Zero-Day Exploits Used In Pegasus Spyware Attack

by Lorri Hinman | 8 September 2023
What Is Cybersecurity?
TECHNOLOGY

What Is Cybersecurity?

by Lorri Hinman | 12 September 2023
What Are Some Of The Shortcomings Of Antivirus Software Today? Check All That Apply.
TECHNOLOGY

What Are Some Of The Shortcomings Of Antivirus Software Today? Check All That Apply.

by Shina Thies | 11 September 2023

Recent Stories

Learn To Convert Scanned Documents Into Editable Text With OCR
Software Tutorials

Learn To Convert Scanned Documents Into Editable Text With OCR

by Lucky Stith | 26 April 2024
Top Mini Split Air Conditioner For Summer
Buyer's Guides

Top Mini Split Air Conditioner For Summer

by Lucky Stith | 26 April 2024
Comfortable and Luxurious Family Life | Zero Gravity Massage Chair
Buyer's Guides

Comfortable and Luxurious Family Life | Zero Gravity Massage Chair

by Lucky Stith | 26 April 2024
Fintechs and Traditional Banks: Navigating the Future of Financial Services
General Fintech

Fintechs and Traditional Banks: Navigating the Future of Financial Services

by Lucky Stith | 18 April 2024
AI Writing: How It’s Changing the Way We Create Content
AI

AI Writing: How It’s Changing the Way We Create Content

by Lucky Stith | 3 April 2024
How to Find the Best Midjourney Alternative in 2024: A Guide to AI Anime Generators
Digital Media & Creative Tech

How to Find the Best Midjourney Alternative in 2024: A Guide to AI Anime Generators

by Lucky Stith | 28 March 2024
How to Know When it’s the Right Time to Buy Bitcoin
Cryptocurrency

How to Know When it’s the Right Time to Buy Bitcoin

by Lucky Stith | 28 March 2024
Unleashing Young Geniuses: How Lingokids Makes Learning a Blast!
Education

Unleashing Young Geniuses: How Lingokids Makes Learning a Blast!

by Lucky Stith | 23 March 2024