Chrome just fixed a massive exploit, but you could still be at risk


If you haven’t updated Chrome in the past few days, then it is highly recommended that you do. That’s because Google recently reported on a critical zero-day vulnerability within the browser that it has since fixed in Chrome version 117.0.5938.132. While Chrome has fixed the issue, though, it isn’t the only browser or software that could be plagued by this exploit.

According to Ars Technica, the latest zero-day exploit is not only attached to Chrome. Instead, it seems to affect libvpx, a library of packages that is widely used across multiple platforms, including Chrome, Firefox, Skype, Adobe, VLC, and Android – and the list of vendors that use it goes on.

The newest critical zero-day vulnerability appears to be related to VP8 encoding. Therefore, any vendors that utilize VP8 for decoding only will not have to worry about the exploit at the moment. Luckily, both Chrome and Firefox have been updated to resolve issues with this particular vulnerability. At the moment, it is unclear when libvpx will be updated to address the vulnerability.

If you are using any programs that utilize libvpx, it is highly recommended that you upgrade to the latest version in order to try to negate any possible exposure to this critical zero-day vulnerability. While details on the “in the wild” existence of this exploit are slim, we have seen tweets from security researchers mentioning the zero-day use by at least one commercial surveillance vendor.

The vulnerability was first discovered on Monday, September 25, and Chrome patched it on Wednesday, just two days later. The security issue is currently known as CVE-2023-4863, and it will probably take a few more days to see just how wide the scope of this exploit is. For the moment, though, ensure you have the latest versions of Firefox and Chrome before continuing to use them.

This isn’t the first time Chrome has suffered from a zero-day issue, and it won’t be the…
