Google has released a security update for Chrome 117 with 10 new security fixes. The update addresses a new actively exploited zero-day vulnerability. The issue received a high severity rating and could lead to program crashes or arbitrary code execution if successfully exploited. This could in turn disrupt operations and compromise sensitive data. We have added a new report to Lansweeper to help you locate vulnerable devices.
Google Chrome Vulnerability CVE-2023-5217
The new Chrome 117 update includes 10 security fixes, several of which received a high severity rating. However, the main issue to look out for is a heap buffer overflow in the VP8 encoding of the open-source libvpx video codec library, tracked as CVE-2023-5217. This vulnerability has already been exploited in the wild and can cause program crashes or lead to arbitrary code execution. This could compromise sensitive data or seriously disrupt operations. You can find more information on Chrome's release page.
Update Vulnerable Chrome Installations
As always, Google is holding off on releasing any additional bug details for now, to give the majority of users the chance to update first. It will also retain these restrictions if the bug exists in a third-party library that other projects depend on but haven't yet fixed. To protect your network and your organization, make sure to update any installations of Google Chrome to the latest version as soon as possible. That is 117.0.5938.132 for Windows, Mac, and Linux.
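To check an existing software inventory export against that fixed version, the comparison has to be numeric per version component: as plain strings, "117.0.5938.92" sorts after "117.0.5938.132" and an outdated build would be missed. The following is an added example, not part of the original article or of the Lansweeper report; the CSV column names, hostnames, and sample versions are constructed for illustration.

```python
import csv
import io

FIXED_VERSION = "117.0.5938.132"  # fixed build named in the advisory

# Constructed sample inventory export; hostnames and versions are illustrative.
SAMPLE_INVENTORY = """hostname,chrome_version
ws-001,117.0.5938.132
ws-002,117.0.5938.92
ws-003,116.0.5845.187
ws-004,118.0.5993.70
ws-005,
ws-006,117.0.5938
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None  # empty field, "unknown", "117.x", etc.
    return tuple(int(p) for p in parts)

def is_vulnerable(version, fixed=FIXED_VERSION):
    """True if version is older than fixed, False if not, None if unparseable."""
    v, f = parse_version(version), parse_version(fixed)
    if v is None:
        return None
    # Pad so a truncated value such as "117.0.5938" compares as 117.0.5938.0.
    width = max(len(v), len(f))
    v += (0,) * (width - len(v))
    f += (0,) * (width - len(f))
    return v < f

def audit(csv_text):
    """Split hosts into those needing the update and those with no usable version."""
    needs_update, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        result = is_vulnerable(row["chrome_version"] or "")
        if result is None:
            unknown.append(row["hostname"])  # review manually, do not assume patched
        elif result:
            needs_update.append(row["hostname"])
    return needs_update, unknown

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE_INVENTORY)
    print("Needs update:", ", ".join(outdated))
    print("Version unknown:", ", ".join(unknown))
```

Hosts with a missing or unparseable version are reported separately so they are not silently counted as patched.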
Discover Vulnerable Chrome Installs
Our team has created a new vulnerability audit report to help you locate vulnerable installations of Google Chrome in your network. This way you have an actionable list of devices that still need to be updated to the new version so you can take action immediately. You can get the report via the link below.