Update Google Chrome now - there's another serious security flaw in the wild

Google has released an urgent security update addressing yet another security flaw in its Chrome browser.

"Google is aware that an exploit for CVE-2023-5217 exists in the wild," the company revealed in a security advisory released alongside the release notes for Google Chrome 117.0.5938.132.

This flaw could have allowed criminals to covertly install spyware on victims' devices without them realizing.

Google Chrome security update

This is the fifth exploited zero-day vulnerability in Google Chrome detected since the start of the year, showing that the browser remains a popular target for hackers and cybercriminals.

The CVE Program, which tracks publicly disclosed cybersecurity vulnerabilities, notes that the newly reported issue, classified as CVE-2023-5217, is caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library. Its effects can range from a simple browser crash to hackers carrying out arbitrary code execution and subverting any other security service.

The flaw, which is ranked as high-severity, was reported by Google Threat Analysis Group (TAG) security researcher Clément Lecigne. The company confirmed CVE-2023-5217 has been exploited and used in cyberattacks, but did not share further information regarding these incidents.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google's security advisory added. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

The update is available now for Google Chrome users on Windows, Mac, and Linux, who can download it in the Stable Desktop channel.

It's the second such incident this month alone, after Google was forced to issue a Chrome update consisting of multiple emergency security updates for several reported zero-day vulnerabilities just a few days ago.

Via Bleeping Computer

Mike Moore
Deputy Editor, TechRadar Pro
