Google releases emergency update to patch Chrome vulnerability

Google has just released an emergency security update to fix a zero-day security vulnerability in the Chrome browser.

In its statement, Google said that the vulnerability, CVE-2023-4863, exists and is described as a heap buffer overflow in the WebP image format.


To put it into perspective, a heap buffer overflow occurs when a program writes more data to a buffer allocated on the heap than that buffer was sized to hold. Under certain circumstances, this vulnerability could allow attackers to execute arbitrary code, meaning they could run code of their choosing on the affected system.

Google credits Apple Security Engineering and Architecture (SEAR) and Citizen Lab at the University of Toronto for discovering and reporting the vulnerability on September 6, 2023. However, Google has refrained from disclosing details about the bug, and has not provided information on how attackers could exploit the vulnerability.

Chrome users are encouraged to update their web browsers to the latest versions: Chrome 116.0.5845.187 for Mac and Linux and Chrome 116.0.5845.187/.188 for Windows. This update is essential because it addresses the vulnerability CVE-2023-4863.

The new version is currently rolling out to users in the Stable and Extended stable channels and will reach everyone in the coming days or weeks. Users can download the update by checking for new updates on their Windows PC through the Chrome > Help > About Chrome menu.
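For checking many machines at once instead of opening About Chrome on each, the following added example (not from Google or the original article) classifies reported version strings against build 116.0.5845.187 named above. The host names and inventory rows are constructed sample data, and the `host,version` row format is an assumption.

```python
import re

# Lowest patched build named in the article.
FIXED = (116, 0, 5845, 187)

# Exactly four dotted integers, not embedded in a longer dotted string.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Extract MAJOR.MINOR.BUILD.PATCH from text such as `chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # missing or malformed: needs a manual look
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory):
    """Map host -> status for 'host,version' rows (assumed inventory format)."""
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        result[host.strip()] = classify(version_text)
    return result

def needs_attention(inventory):
    """Hosts that are below the fixed build or could not be parsed."""
    return [h for h, s in audit(inventory).items() if s != "patched"]

# Constructed sample inventory (hypothetical hosts).
SAMPLE = """\
mac-014,Google Chrome 116.0.5845.179
lin-203,Google Chrome 116.0.5845.187
win-077,116.0.5845.188
win-101,117.0.5938.62
kiosk-9,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are listed alongside vulnerable ones so that a missing or unparseable version is never silently treated as patched.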

The latest vulnerability emerged after Google announced in August that it would release weekly security updates to users of Chrome's Stable channel. The company said it will quickly resolve and issue an unscheduled patch for Chrome if it detects a security vulnerability that is being widely exploited.
