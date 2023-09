Ua hoʻokuʻu ʻo Google i kahi hōʻano palekana waho-o-band e hoʻopaʻa i kahi nāwaliwali koʻikoʻi i kāna polokalamu kele pūnaewele Chrome. ʻO ka hemahema, i ʻike ʻia ʻo CVE-2023-4863, e pili ana i kahi puʻupuʻu puʻupuʻu e pili ana i ka hōʻano kiʻi WebP. Hiki i kēia nāwaliwali ke alakaʻi i ka hoʻokō code arbitrary a i ʻole nā ​​hāʻule.

ʻO ka loaʻa ʻana o ka nāwaliwali i hāʻawi ʻia iā Apple Security Engineering and Architecture (SEAR) a me The Citizen Lab ma ke kula ʻo Munk University o Toronto. ʻAʻole i hōʻike ʻia nā kikoʻī kikoʻī o ka hoʻohana ʻana, akā ua ʻae ʻo Google ua ʻike ʻia kahi hana no CVE-2023-4863 i ka nahele.

ʻO kēia ʻāpana hou loa he ʻāpana o ka hoʻomau ʻana o Google e hoʻoponopono i nā nāwaliwali o ka lā ʻole ma Chrome. Mai ka hoʻomaka ʻana o ka makahiki, ua hoʻopaʻa mua ka hui i ʻehā mau nāwaliwali.

Ma waho aʻe o kā Google patch, ua hoʻonui ʻo Apple i kāna mau hoʻoponopono e hoʻoponopono i ka CVE-2023-41064, kahi nāwaliwali e pili ana i ka hoʻoili kiʻi. ʻO kēia haʻahaʻa haʻahaʻa he pilikia hoʻopiʻi nui i ka ʻāpana Image I/O, hiki ke alakaʻi i ka hoʻokō code arbitrary. Ua hoʻohana pū ʻia me CVE-2023-41061 i kahi kaulahao hoʻohana iMessage iMessage i kapa ʻia ʻo BLASTPASS e kau i ka spyware Pegasus ma nā iPhones paʻa piha e holo ana i ka iOS 16.6.

ʻO nā mea like ma waena o CVE-2023-41064 a me CVE-2023-4863, pili i ka hoʻoili kiʻi a hōʻike ʻia e Apple a me The Citizen Lab, e hōʻike ana i kahi pilina ma waena o nā nāwaliwali ʻelua.

No ka pale ʻana i nā mea hoʻoweliweli, ʻōlelo ʻia nā mea hoʻohana e hōʻano hou i kā lākou polokalamu Chrome i ka mana 116.0.5845.187/.188 no Windows a me 116.0.5845.187 no macOS a me Linux. Pono nā mea hoʻohana o nā polokalamu kele pūnaewele Chromium, e like me Microsoft Edge, Brave, Opera, a me Vivaldi, e hoʻopili i nā pā i ka wā e loaʻa ai.

