
Black Arrow Cyber Advisory 28 September 2023 – Google Patches Actively Exploited Chrome Zero-Day as Mozilla Fixes High-Severity Vulnerabilities in Firefox and Thunderbird

Executive summary

A new actively exploited zero-day vulnerability in Google Chrome, which can lead to remote code execution, has been identified and patches have been released. Also this week, Mozilla released updates for high-severity vulnerabilities in both Firefox and Thunderbird.

What’s the risk to me or my business?

The actively exploited vulnerability and high-severity vulnerabilities can allow an attacker to execute malicious code, compromising the confidentiality, integrity and availability of data.

What can I do?

Security updates are available for both browsers. The updates for Chrome are available in version 117.0.5938.132 and should be applied immediately. The updates for Firefox are available in version 118 and should be applied as soon as possible.
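
One way to check a fleet against the versions named above, as an added example that is not part of the original advisory: the script reads a software inventory in CSV form and flags any Chrome or Firefox install below the fixed version. The inventory layout, hostnames, sample versions and function names are assumptions; only the two fixed versions come from this page.

```python
import csv
import io

# Fixed versions exactly as stated in this advisory (no Thunderbird version is given).
FIXED = {"chrome": (117, 0, 5938, 132), "firefox": (118,)}

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,Chrome,117.0.5938.132
ws-002,Chrome,117.0.5938.92
ws-003,Firefox,118.0
ws-004,Firefox,117.0.1
ws-005,Firefox,not-installed
ws-006,Edge,117.0.2045.47
"""

def parse_version(text):
    """Turn '117.0.5938.132' into (117, 0, 5938, 132); return None if not numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_patched(installed, fixed):
    """Compare component-wise, zero-padding so that 118 and 118.0 are equal."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) >= pad(fixed)

def audit(inventory_csv):
    """Return (host, product, version, status) for each browser the advisory covers."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip().lower()
        if product not in FIXED:
            continue  # not a product with a fixed version listed in the advisory
        installed = parse_version(row["version"])
        if installed is None:
            status = "unknown"  # unparseable version: needs a manual check
        else:
            status = "ok" if is_patched(installed, FIXED[product]) else "update"
        findings.append((row["host"], product, row["version"], status))
    return findings

if __name__ == "__main__":
    for host, product, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {product:8} {version:16} {status}")
```

Rows marked "unknown" carry a version string that could not be parsed and should be checked by hand rather than treated as patched.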

Technical Summary

CVE-2023-5217: an actively exploited zero-day heap-based buffer overflow which can lead to execution of arbitrary code.

The security advisory from Google Chrome can be found here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

The security advisory from Firefox can be found here:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/
