Cloud Software Group will continue to update this post as additional information becomes available.
Summary
Google Chromium Heap-Based Buffer Overflow Vulnerability
Cloud Software Group is aware of the vulnerabilities (CVE-2023-4863 and CVE-2023-5217) that impact Chromium.
CVE-2023-4863 description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and prior to libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2023-5217 description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
We are continuing to evaluate the potential impact of these vulnerabilities on our products. Cloud Software Group will provide further information as it becomes available.
Affected Products
Citrix Enterprise Browser for Citrix Workspace app
Affected Versions
Citrix Enterprise Browser versions before v117 (v117 is the build that ships with Citrix Workspace app 2309)
What customers should do
Citrix strongly recommends that customers install Citrix Enterprise Browser v117 or later:
Citrix Workspace app for Windows:
Install Citrix Workspace app for Windows 2309 or later, which contains Citrix Enterprise Browser v117 - https://www.citrix.com/downloads/workspace-app/windows/workspace-app-for-windows-latest.html
Citrix Workspace app for Mac:
Install Citrix Enterprise Browser v117 or later - https://www.citrix.com/downloads/workspace-app/citrix-enterprise-browser-for-mac/workspace-app-for-CEB-Mac-Latest.html
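As an added example (not Cloud Software Group's or Citrix's own tooling), the following Python script turns the version thresholds quoted in this advisory into a fleet check. It maps each product to the first fixed version per CVE, compares versions numerically rather than as strings (a plain string compare ranks "116.0.5845.96" above "116.0.5845.187"), pads short versions such as CEB "v117" so they compare cleanly against four-part Chromium builds, and reports which CVEs remain open for each inventory entry. The product keys and the inventory rows are constructed for the example; only the version numbers come from the advisory text.

```python
"""Flag Chromium-based builds still exposed to CVE-2023-4863 / CVE-2023-5217.

Added example, not Citrix/Cloud Software Group code. Fixed-version thresholds
are taken from the advisory; product keys and the inventory are constructed.
"""
from __future__ import annotations

# First fixed version per product and CVE, as stated in the advisory.
# Chrome 116.0.5845.187 fixed only CVE-2023-4863; CVE-2023-5217 needed 117.0.5938.132.
# Citrix Enterprise Browser (CEB) is fixed for both at v117.
FIXED_VERSIONS: dict[str, dict[str, str]] = {
    "chrome": {
        "CVE-2023-4863": "116.0.5845.187",
        "CVE-2023-5217": "117.0.5938.132",
    },
    "citrix-enterprise-browser": {
        "CVE-2023-4863": "117",
        "CVE-2023-5217": "117",
    },
    "libwebp": {"CVE-2023-4863": "1.3.2"},
    "libvpx": {"CVE-2023-5217": "1.13.1"},
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn 'v117' or '116.0.5845.187' into an integer tuple for numeric comparison."""
    parts = version.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def version_below(have: str, fixed: str) -> bool:
    """True when `have` is older than `fixed`; short versions are zero-padded."""
    a, b = parse_version(have), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def open_cves(product: str, version: str) -> list[str]:
    """CVE ids from this advisory that the given product version is still exposed to."""
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product: {product!r}")
    return sorted(
        cve for cve, fixed in FIXED_VERSIONS[product].items()
        if version_below(version, fixed)
    )


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str, list[str]]]:
    """Return (host, product, version, open CVEs) for every entry that still needs patching."""
    findings = []
    for host, product, version in inventory:
        cves = open_cves(product, version)
        if cves:
            findings.append((host, product, version, cves))
    return findings


# Constructed inventory (hostnames and versions are illustrative, not real telemetry).
SAMPLE_INVENTORY = [
    ("ws-001", "citrix-enterprise-browser", "116.0.5845.140"),
    ("ws-002", "citrix-enterprise-browser", "v117"),
    ("ws-003", "chrome", "116.0.5845.187"),   # 4863 fixed, 5217 still open
    ("ws-004", "chrome", "117.0.5938.132"),
    ("build-01", "libwebp", "1.3.1"),
]

if __name__ == "__main__":
    for host, product, version, cves in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} still exposed to {', '.join(cves)}")
```

Feed it whatever your endpoint agent reports as the Citrix Enterprise Browser or Chromium build and it will tell you which hosts still fall under the "before v117" condition above; the numeric comparison is the part worth keeping, since several inventory tools sort version strings lexicographically and will quietly mark an unpatched 116.0.5845.96 build as newer than the fixed 116.0.5845.187.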
References:
https://www.chromium.org/Home/
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://nvd.nist.gov/vuln/detail/CVE-2023-5217
Changelog
Date | Change
2023-10-06 | Initial publication
2023-10-13 | Added impact analysis for Citrix Enterprise Browser for Citrix Workspace app