A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day

Views

Enlarge (credit: Getty Images)

A critical zero-day vulnerability Google reported on Wednesday in its Chrome browser is opening the Internet to a new chapter of Groundhog Day.

Like a critical zero-day Google disclosed on September 11, the new exploited vulnerability doesn’t affect just Chrome. Already, Mozilla has said that its Firefox browser is vulnerable to the same bug, which is tracked as CVE-2023-5217. And just like CVE-2023-4863 from 17 days ago, the new one resides in a widely used code library for processing media files, specifically those in the VP8 format.

Read Also :

• WWDC 2024 starts on June 10 with announcements about iOS 18 and beyond
• Cities: Skylines 2 gets long-awaited official mod support and map editor
• Thousands of phones and routers swept into proxy service, unbeknownst to users

Pages here and here list hundreds of packages for Ubuntu and Debian alone that rely on the library known as libvpx. Most browsers use it, and the list of software or vendors supporting it reads like a who’s who of the Internet, including Skype, Adobe, VLC, and Android.

Read 7 remaining paragraphs | Comments

source https://arstechnica.com/?p=1972043