Arbitrary Code Execution Vulnerability in Google Chrome, Firefox web browsers & Thunderbird Email Client (CVE-2023-4863)

A zero-day arbitrary code execution vulnerability (CVE-2023-4863) was recently identified in the Google Chrome and Firefox web browsers and the Thunderbird email client, and is being actively exploited in the wild. The vulnerability is a heap buffer overflow in the WebP image format that can result in arbitrary code execution or a crash. Users are urged to apply the latest patch immediately to mitigate any potential threats.

 

Vulnerability

  • Arbitrary Code Execution Vulnerability (CVE-2023-4863)

 

Severity Level

  • Critical

 

Affected versions

  • Google Chrome prior to 116.0.5845.187/.188 (Windows)
  • Google Chrome prior to 116.0.5845.187 (Linux/Mac)
  • Google Chrome prior to 117.0.5938.60 (Android)
  • Firefox prior to 117.0.1
  • Firefox ESR prior to 102.15.1, 115.2.1
  • Thunderbird prior to 102.15.1, 115.2.2

 

Remediation

  • Update Google Chrome, Firefox and Thunderbird to the latest version as soon as possible.
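
To confirm that the update has reached every machine, the fixed versions listed above can be checked against a software inventory. The following is an added example, not part of the original advisory: the product keys, the inventory rows and the rule that assigns a build to a release branch are assumptions of this example.

```python
import re

# Fixed versions copied from the advisory's "Affected versions" list, one per
# release branch in ascending order. Keys are (product, platform); None means
# no per-platform split. The key names are this example's own labels.
FIXED = {
    ("chrome", "windows"): ["116.0.5845.187"],
    ("chrome", "linux"): ["116.0.5845.187"],
    ("chrome", "mac"): ["116.0.5845.187"],
    ("chrome", "android"): ["117.0.5938.60"],
    ("firefox", None): ["117.0.1"],
    ("firefox-esr", None): ["102.15.1", "115.2.1"],
    ("thunderbird", None): ["102.15.1", "115.2.2"],
}

def parse(version):
    """Turn '115.2.0esr' or '116.0.5845.96' into a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def is_affected(product, version, platform=None):
    """True if version is older than the fixed release of its branch."""
    key = (product, platform) if (product, platform) in FIXED else (product, None)
    if key not in FIXED:
        raise ValueError(f"not covered by the advisory: {product}/{platform}")
    installed = parse(version)
    pad = lambda t: t + (0,) * (4 - len(t))  # so 117.0 compares as 117.0.0.0
    for fixed in map(parse, FIXED[key]):
        # Assumption: a build belongs to the first listed branch whose major
        # version is >= its own; majors newer than all listed are not affected.
        if installed[0] <= fixed[0]:
            return pad(installed) < pad(fixed)
    return False

# Constructed inventory rows: (host, product, platform, version)
INVENTORY = [
    ("ws-01", "chrome", "windows", "116.0.5845.141"),
    ("ws-02", "chrome", "linux", "116.0.5845.187"),
    ("ph-01", "chrome", "android", "116.0.5845.172"),
    ("ws-03", "firefox-esr", None, "115.2.0esr"),
    ("ws-04", "thunderbird", None, "115.2.2"),
    ("ws-05", "firefox", None, "117.0"),
]

def unpatched(inventory):
    """Return hosts whose installed build predates the advisory's fix."""
    return [host for host, product, platform, version in inventory
            if is_affected(product, version, platform)]
```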

 

Published on: 14 Sep 2023