Google announced on September 27th that there is a serious Zero-Day vulnerability in the Chrome browser. This vulnerability is being widely used by hackers. The vulnerability identification code is CVE-2023-5217, and the severity rating is marked as 10/10. It calls on all Windows /MacOS/Linux Chrome browser users should update to 117.0.5938.132 or later immediately.
The vulnerability exists in the VP8 encoding of the open source libvpx video codec library according to Google. Hackers can penetrate it through specially crafted VP8 files, allowing hackers to bypass security restrictions and execute arbitrary code. CVE-2023-5217 Zero-Day vulnerability has been widely used by hackers to install spyware.
Due to the vulnerability in the libvpx video codec library, it is basically not only the Chrome browser that has the problem, but also Mozilla Firefox, Microsoft Edge, Apple's Safari and the native Android web browser. However, there has been no update notification yet.