Vida en la ciudad

Unveiling new technologies and the power of AI

New Google Chrome patch fixes a critical security flaw

By Mamfo Brescia

September 12, 2023

Google has released an out-of-band security update to patch a critical vulnerability in its Chrome web browser. The flaw, known as CVE-2023-4863, involves a heap buffer overflow that affects the WebP image format. This vulnerability could potentially lead to arbitrary code execution or crashes.

The discovery of the vulnerability was credited to Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at the University of Toronto’s Munk School. The specific details of the exploit have not been disclosed, but Google has acknowledged that an exploit for CVE-2023-4863 has been observed in the wild.

This latest patch is part of Google’s ongoing efforts to address zero-day vulnerabilities in Chrome. Since the beginning of the year, the company has already fixed four such vulnerabilities.

In addition to Google’s patch, Apple has also expanded its fixes to address CVE-2023-41064, another vulnerability related to image processing. This vulnerability is a buffer overflow issue in the Image I/O component, which could lead to arbitrary code execution. It was used in conjunction with CVE-2023-41061 in a zero-click iMessage exploit chain named BLASTPASS to deploy the Pegasus spyware on fully-patched iPhones running iOS 16.6.

The similarities between CVE-2023-41064 and CVE-2023-4863, both related to image processing and reported by Apple and The Citizen Lab, suggest a potential connection between the two vulnerabilities.

To protect against potential threats, users are advised to update their Chrome browser to version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux. Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also apply the patches as soon as they are available.
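For teams checking many machines against the versions above, here is an added example (not from the article or from Google) that flags Google Chrome installs below the patched build. The inventory records and function names are constructed for illustration, and it assumes that any numerically later build also carries the fix; Chromium-based browsers use their own version numbers and are not covered.

```python
# Added example: flag Google Chrome installs below the patched build.
# Floors come from the article; everything else here is an assumption.
PATCHED_FLOOR = {
    "windows": (116, 0, 5845, 187),  # article lists .187/.188 for Windows
    "macos": (116, 0, 5845, 187),
    "linux": (116, 0, 5845, 187),
}


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or None."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one install."""
    floor = PATCHED_FLOOR.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # platform not listed in the article, or bad data
    # Compare numerically: as strings, "116.0.5845.96" sorts after
    # "116.0.5845.187" and an old build would be reported as patched.
    return "patched" if version >= floor else "vulnerable"


def hosts_to_update(inventory):
    """Return (host, status) for every record that is not confirmed patched."""
    findings = []
    for host, platform, version_text in inventory:
        status = classify(platform, version_text)
        if status != "patched":
            findings.append((host, status))
    return findings


# Constructed sample inventory: (hostname, platform, reported Chrome version)
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "116.0.5845.180"),
    ("ws-02", "windows", "116.0.5845.188"),
    ("mac-01", "macos", "116.0.5845.96"),
    ("lin-01", "linux", "116.0.5845.187"),
    ("lin-02", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in hosts_to_update(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Records reported as `unknown` need a manual look rather than being treated as safe.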

