
CVE-2023-4863 zero-day - patched in branch 5845 and 5938?

Posted: Thu Sep 14, 2023 1:13 pm
by HarmlessDave
https://nvd.nist.gov/vuln/detail/CVE-2023-4863 - "Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"

This CVE was only posted 2 days ago but it seems pretty serious.

Has the Chromium patch for this already been added to CEF 116 (5845) and 117 (5938) or is that coming in a future update?

Re: CVE-2023-4863 zero-day - patched in branch 5845 and 5938

Posted: Thu Sep 14, 2023 1:47 pm
by magreenblatt
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187

CEF M116 builds are currently at 116.0.5845.189, so it sounds like those will include the fix. Do you know what version of M117 includes the fix?

Re: CVE-2023-4863 zero-day - patched in branch 5845 and 5938

Posted: Thu Sep 14, 2023 2:51 pm
by HarmlessDave
magreenblatt wrote:
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187

CEF M116 builds are currently at 116.0.5845.189, so it sounds like those will include the fix. Do you know what version of M117 includes the fix?

Sorry, no. It isn't clear from the CVE what the minimum 117 version is, but I noticed there was a Google Chrome update today to Version 117.0.5938.63 (Official Build) (64-bit) that was probably to add the fix.

Re: CVE-2023-4863 zero-day - patched in branch 5845 and 5938

Posted: Fri Sep 15, 2023 2:10 am
by ndesktop
https://chromereleases.googleblog.com/2 ... op_11.html
Looks like it's fixed in 116.0.5845.187.

Edit: I think this is the fix. This is the DEPS commit.

For M117 I see the same commit here at 09-09-2023 22:56, then 117.0.5938.60 follows 1+ hour later on 09-09-2023 00:13.
So:
- M116: 116.0.5845.187
- M117: 117.0.5938.60

Re: CVE-2023-4863 zero-day - patched in branch 5845 and 5938

Posted: Sun Sep 17, 2023 9:21 pm
by amaitland
Chrome 117.0.5938.62 (Linux and Mac), 117.0.5938.62/.63 (Windows)

https://chromereleases.googleblog.com/2 ... 2.html?m=1

Re: CVE-2023-4863 zero-day - patched in branch 5845 and 5938

Posted: Fri Sep 29, 2023 12:39 pm
by magreenblatt
There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (`--disable-blink-features=WebCodecs`).
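The thread settles on per-branch fix versions (M116 at 116.0.5845.187 per NVD, M117 at 117.0.5938.62 per the later post, and 117.0.5938.132 for CVE-2023-5217) plus the `--disable-blink-features=WebCodecs` workaround. The following is an added example, not code from the thread or from the CEF project: a small branch-aware checker that takes the Chromium version string a CEF build reports, decides per CVE whether that build carries the fix, and lists the workaround switch from the last post when a build is still exposed to CVE-2023-5217. The fix versions are the ones quoted in this thread; versions outside the branches listed are reported as unknown rather than guessed, and the test builds (115.x, 118.x) are constructed for illustration.

```python
"""Branch-aware check of whether a Chromium/CEF build includes the fixes
discussed in this thread. Added example, not CEF or Chromium project code."""
from typing import Optional

Version = tuple[int, int, int, int]

# First fixed build per major branch, as quoted in the thread (M117 value for
# CVE-2023-4863 taken from the later post citing the Chrome release blog).
FIXES: dict[str, dict[int, str]] = {
    "CVE-2023-4863": {116: "116.0.5845.187", 117: "117.0.5938.62"},
    "CVE-2023-5217": {117: "117.0.5938.132"},
}

# Workaround switch from the thread for builds still exposed to CVE-2023-5217.
WORKAROUNDS: dict[str, str] = {
    "CVE-2023-5217": "--disable-blink-features=WebCodecs",
}


def parse_version(s: str) -> Version:
    """Parse a four-part Chromium version such as '116.0.5845.189' into ints.

    Integer tuples compare correctly (189 > 187), which a plain string
    comparison would get wrong for differing digit counts."""
    parts = s.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chromium version: {s!r}")
    major, minor, build, patch = (int(p) for p in parts)
    return (major, minor, build, patch)


def is_fixed(version: str, cve: str) -> Optional[bool]:
    """Return True if the build includes the fix for `cve`, False if it is
    known to be exposed, and None when the branch is not covered by the
    thread's data (do not assume either way)."""
    v = parse_version(version)
    branch_fixes = FIXES[cve]
    major = v[0]
    if major in branch_fixes:
        return v >= parse_version(branch_fixes[major])
    # Branches older than the oldest listed fix predate the patch entirely.
    if major < min(branch_fixes):
        return False
    # Newer branches are not listed in the thread: unknown, report as such.
    return None


def workaround_switches(version: str) -> list[str]:
    """Command-line switches the thread suggests for builds still exposed.

    Only switches for CVEs that are known-exposed (False) are returned;
    unknown (None) branches get nothing rather than a guess."""
    return [
        switch
        for cve, switch in WORKAROUNDS.items()
        if is_fixed(version, cve) is False
    ]


def report(version: str) -> dict[str, Optional[bool]]:
    """Per-CVE fix status for one build, keyed by CVE id."""
    return {cve: is_fixed(version, cve) for cve in FIXES}


if __name__ == "__main__":
    # The CEF M116 build mentioned in the thread.
    for build in ("116.0.5845.189", "117.0.5938.63", "117.0.5938.132"):
        print(build, report(build), workaround_switches(build))
```

Running it with the M116 build quoted above reports CVE-2023-4863 as fixed; the 117.0.5938.63 build is fixed for CVE-2023-4863 but still exposed to CVE-2023-5217, so the WebCodecs switch is listed for it.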