VP8/VP9's libvpx 1.13.1 Released Due To A High Severity Vulnerability
CVE-2023-5217 is due to a heap buffer overflow within the VP8 encoding path in libvpx used by Google Chrome. With prior Chrome versions and pre-1.13.1 for libvpx, a remote attacker could potentially exploit heap corruption via a specially crafted HTML page. Google is aware of an exploit for this vulnerability existing in the wild.
Details on this security vulnerability can be found via the oss-security list.
Released on Friday night was the libvpx 1.13.1 update with this security fix for CVE-2023-5217 as well as a crash related to VP9 encoding.