Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-j646-gj5p-p45g: CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

  • https://www.cve.org/CVERecord?id=CVE-2023-4863
  • https://nvd.nist.gov/vuln/detail/CVE-2023-4863
  • https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability
ghsa
#vulnerability#web#google#git#buffer_overflow#zero_day#chrome

Skip to content

Sign up

GHSA-j646-gj5p-p45g

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog
  • For

    • Enterprise
    • Teams
    • Startups
    • Education

    By Solution

    • CI/CD & Automation
    • DevOps
    • DevSecOps

    Resources

    • Customer Stories
    • White papers, Ebooks, Webinars
    • Partners
    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections
  • Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches****Use saved searches to filter your results more quickly

Sign in

Sign up

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-j646-gj5p-p45g

CefSharp affected by heap buffer overflow in WebP

Critical severity GitHub Reviewed Published Sep 16, 2023 in cefsharp/CefSharp

Vulnerability details Dependabot alerts 0

Package

nuget CefSharp.Common (NuGet)

Affected versions

< 116.0.230

Patched versions

116.0.230

nuget CefSharp.Common.NETCore (NuGet)

< 116.0.230

116.0.230

Description

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

  • https://www.cve.org/CVERecord?id=CVE-2023-4863
  • https://nvd.nist.gov/vuln/detail/CVE-2023-4863
  • https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

References

  • GHSA-j646-gj5p-p45g
  • cefsharp/CefSharp@f2890ba
  • https://github.com/cefsharp/CefSharp/releases/tag/v116.0.230

amaitland published to cefsharp/CefSharp

Sep 16, 2023

Published to the GitHub Advisory Database

Sep 21, 2023

Reviewed

Sep 21, 2023

Severity

Critical

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-j646-gj5p-p45g

Source code

cefsharp/CefSharp

Checking history

See something to contribute? Suggest improvements for this vulnerability.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP