Abuse Melding

Je hebt een klacht over de onderstaande posting:

29-09-2023, 13:56 door Anoniem

https://www.bleepingcomputer.com/news/security/google-fixes-fifth-actively-exploited-chrome-zero-day-of-2023/ (..) The high-severity zero-day vulnerability (CVE-2023-5217) is caused by a heap buffer overflow weakness in the VP8 encoding of the open-source libvpx video codec library, a flaw whose impact ranges from app crashes to arbitrary code execution. (..) While first marking it as a Chrome flaw, the company later assigned another CVE (CVE-2023-5129) and a maximum 10/10 severity rating, tagging it as a critical security vulnerability in libwebp (a library used by a large number of projects, including Signal, 1Password, Mozilla Firefox, Microsoft Edge, Apple's Safari, and the native Android web browser). CVE-2023-5217 = libvpx (o.a. VP8 codec) CVE-2023-5129 = libwebp (o.a. Firefox, Safari, Edge, Android en .... Signal .... oops) Welke versie van Signal is kwetsbaar voor deze CVE? Is er al een patch? Ik ga zoeken, wordt vervolgd ....

Beschrijf je klacht (Optioneel):