TechCrunch

Google has rushed to patch a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor. The vulnerability was reported to the Chrome team by Clement Lecigne of Google’s Threat Analysis Group (TAG) just two days before the patch was released. Google said it is aware that an exploit for the vulnerability, tracked as CVE-2023-5217 and described as a “heap buffer overflow in vp8 encoding in libvpx”, exists in the wild.