It’s unclear how many software packages that depend on libvpx will be vulnerable to CVE-2023-5217. Most browsers use it, and the list of software or vendors supporting it reads like a who’s who of the Internet, including Skype, Adobe, VLC, and Android. Pages here and here list hundreds of packages for Ubuntu and Debian alone that rely on the library known as libvpx. And just like CVE-2023-4863 from 17 days ago, the new one resides in a widely used code library for processing media files, specifically those in the VP8 format. Already, Mozilla has said that its Firefox browser is vulnerable to the same bug, which is tracked as CVE-2023-5217. Like a critical zero-day Google disclosed on September 11, the new exploited vulnerability doesn’t affect just Chrome. On Wednesday, Google reported that a critical zero-day vulnerability in its Chrome browser is opening the Internet to a new chapter of Groundhog Day.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |