GHSA-j646-gj5p-p45g

Published: 21 Sep 2023
Source: github
Github: Reviewed

Description

CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References


Updated

There is another related security vulnerability.

There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).

As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

Packages

Name: CefSharp.Common (nuget)
Affected versions: < 116.0.230
Fixed version: 116.0.230

Name: CefSharp.Common.NETCore (nuget)
Affected versions: < 116.0.230
Fixed version: 116.0.230
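As an added example (not part of the advisory or of the CefSharp project), the Python script below checks a .csproj or packages.config file against the package table above and reports references to the two listed packages below 116.0.230. The function names and the sample project files are constructed for illustration, and it assumes dependencies are declared as PackageReference items or packages.config entries.

```python
import xml.etree.ElementTree as ET

# Package IDs and the fixed version come from the advisory's package table.
AFFECTED = {"cefsharp.common", "cefsharp.common.netcore"}
FIXED = (116, 0, 230)

def parse_version(text):
    """'116.0.190' -> (116, 0, 190); None for anything that is not a plain release."""
    if not text or "-" in text:
        return None  # missing (central package management) or pre-release
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None  # floating or range versions such as '116.*' or '[115,)'

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace of old-style .csproj

def find_vulnerable(xml_text):
    """Return (package, version, status) for affected entries in a .csproj or packages.config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "PackageReference":
            name = el.get("Include") or el.get("Update")
            child = next((c for c in el if local(c.tag) == "Version"), None)
            version = el.get("Version") or (child.text if child is not None else None)
        elif local(el.tag) == "package":
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if not name or name.lower() not in AFFECTED:
            continue
        parsed = parse_version(version)
        if parsed is None:
            findings.append((name, version, "review"))  # cannot decide automatically
        elif parsed < FIXED:
            findings.append((name, version, "vulnerable"))
    return findings

# Constructed sample inputs (package versions other than 116.0.230 are made up).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="CefSharp.Common.NETCore" Version="115.3.130" />
  <PackageReference Include="CefSharp.Common" Version="116.0.230" />
  <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup></Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="CefSharp.Common" version="116.0.190" targetFramework="net472" />
</packages>"""
print(find_vulnerable(SAMPLE_CSPROJ), find_vulnerable(SAMPLE_PACKAGES_CONFIG))
```

The check covers only the package versions listed for this advisory; the related CVE-2023-5217 mentioned under "Updated" is not evaluated.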