Google has patched a zero-day vulnerability in Chrome, known as CVE-2023-4863, which is the fourth zero-day vulnerability found in the browser this year. The bug, rated as critical severity, is a heap buffer overflow issue in the WebP component. Google states that the vulnerability was reported by Apple Security Engineering and Architecture and The Citizen Lab. The vulnerability is believed to have been exploited by a commercial spyware vendor. The latest Chrome update, version 116.0.5845.187, is now available for download.

#Google #Chrome #vulnerability #patch #zero-day

https://www.securityweek.com/google-patches-chrome-zero-day-reported-by-apple-spyware-hunters/