CVE-2023-4863 Information

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Reference

https://crbug.com/1479274
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
https://bugzilla.suse.com/show_bug.cgi?id=1215231
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
https://en.bandisoft.com/honeyview/history/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
https://news.ycombinator.com/item?id=37478403
