Update All Your Software Now...
A new zero-day exploit has been discovered in a widely-used media encoding system for the WebM file format, affecting popular software like Chrome, Firefox, Skype, and VLC across various operating systems. Google's security research identifies the vulnerability (CVE-2023-5217) as a "heap buffer overflow in vp8 encoding in libvpx," which means certain programs can record more data to a memory buffer than intended, potentially causing security issues. Mozilla has confirmed Firefox's vulnerability, and the exploit is already being used in attacks. However, both Chrome (version 117) and Firefox (version 118) have released patches to address the issue. The vulnerability seems to apply only during media encoding, not decoding, limiting the scope of affected programs.