Google has patched a zero-day vulnerability in its Chrome browser that was being actively exploited in spyware attacks. The vulnerability, CVE-2023-5217, is a heap buffer overflow issue in the VP8 encoding of open-source libvpx video codec library. Two other high-severity flaws were also fixed in this update: a use-after-free flaw in Passwords (CVE-2023-5186) and a use-after-free bug in Extensions (CVE-2023-5187). #Google #Chrome #ZeroDay #Spyware #Vulnerability

https://www.infosecurity-magazine.com/news/google-patches-chrome-zero-day-1/