![]() “Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process,” the Firefox team wrote in their security advisory.įrom there, the vulnerability “allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” said the official Common Vulnerabilities and Exposures site. It is widely used to encode or decode videos in the VP8 and VP9 video coding formats. The zero-day exploit is technically a heap buffer overflow in VP8 encoding in libvpx, which is a video code library developed by Google and the Alliance for Open Media. This zero-day vulnerability originates in libvpx library What can IT teams do to keep employees’ devices secure?.This zero-day vulnerability originates in libvpx library.In Firefox, the exploit is patched in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1 and Firefox for Android 118.1. If you use Chrome, update to 1.132 when it becomes available Google Chrome says it may take “days/weeks” for all users to see the update. ![]() Any software that uses VP8 encoding in libvpx or is based on Chromium (including Microsoft Edge) might be affected, not just Chrome or Firefox. The zero-day exploit could leave users open to a heap buffer overflow, through which attackers could inject malicious code. ![]() The zero-day exploit was being used by a commercial spyware vendor. Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library. ![]() Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |