Skip to end of banner
Go to start of banner

Vulnerability Update - Remote Code Execution in Chrome (CVE-2023-5217)

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Background

A critical vulnerability has been reported around remote code execution in Chrome, specifically known as ‘Google Chrome libvpx Heap Buffer Overflow Vulnerability’ - https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Having conducted an analysis of our usage of this compontent, we believe this DOES presents a possible risk within our dashboard software, which could be exploited and therefore we plan to resolve this by patching our September 23 dashboard release to remedy the threat. .

Further updates will be added to this page as we make progress on the patch release. We will provide a further update on that in due course

Events

To help keep customers informed of our latest responses to the issue, we have created an events table to detail the key steps we have/are taking

Date

Event

We became aware of a vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-5217 and started to investigate

Assessment of possible impact completed, and confirmed this could impact on our dashboard software

Decision made to patch the dashboard software to provide greater resilience. To be included in a patch of our standard September 23 release

Development in progress on a pi.2022-10-12.2 release

TBC

Patch release pi.2023_09.2 to be made available for general release

Recommendations

More information to follow

Release Availability

More information to follow

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.