Skip to end of banner
Go to start of banner

Vulnerability Update - Remote Code Execution in Chrome (CVE-2023-5217)

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Current »

Background

A critical vulnerability has been reported around remote code execution in Chrome, specifically known as ‘Google Chrome libvpx Heap Buffer Overflow Vulnerability’ - https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Having conducted an analysis of our usage of this compontent, we believe this DOES presents a possible risk within our dashboard software, which could be exploited and therefore we plan to resolve this by patching our September 23 dashboard release to remedy the threat. .

Further updates will be added to this page as we make progress on the patch release, so please check back for more updates.

Events

To help keep customers informed of our latest responses to the issue, we have created an events table to detail the key steps we have/are taking

Date

Event

We became aware of a critical vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-5217 and began to investigate.

Assessment of possible impact completed, and confirmed this could impact on our dashboard software.

Decision made to apply a patch to our September 23 dashboard release to provide greater resilience.

Development in progress

Development has been completed. The change has progressed through Unit and QA testing prior to release, expected to be ready on .

A patched September (pi.2023_09.2) release is now available for customers to download.

Recommendations

Once the patch release has been made available, we strongly recommend that you upgrade to that version to take advantage of the security enhancement provided. We always encourage partners to upgrade to the latest version of the dashboard, to benefit from the very latest security fixes and features from both our software and our third-party providers.

Release Availability

The pi.2023_09.2 is now available for customers to download from your usual outlets, depending on your deplyment type.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.