Article - CS403605
Google Chrome browser's multiple CVEs - Impact on Creo Parametric family of products
Modified: 09-Sep-2024
Applies To
- Creo Parametric 3.0 M010 to 10.0
- Creo Simulate 3.0 M010 to 7.0
- Creo Direct 3.0 M010 to 7.0
- Creo Layout 3.0 M010 to 7.0
- Creo+
- Creo Elements/Direct Drafting 20.2
- Creo Elements/Direct Modeling 20.2
- Embedded Chromium-based browser
- CEF (Chromium Embedded Framework) prior to CEF 119.0.6045.123
- libwebp software library prior to version 1.3.2
- Creo Render Studio
- Creo Options Modeler
Description
- Google Chrome browser's multiple CVEs -- Impact on Creo Parametric family of products using CEF (Chromium Embedded Framework)
- CVE-2023-4863: Zero-day or Zero-click - Heap buffer overflow in libwebp (in Google Chrome CEF prior to 116.0.5845.187)
- CVE-2023-5217: Zero-day - Heap buffer overflow in libvpx (in Google Chrome CEF prior to 117.0.5938.132)
- CVE-2023-5218: Use after free in Site Isolation (in Google Chrome CEF prior to 118.0.5993.70)
- CVE-2023-5996: Use after free in WebAudio (in Google Chrome CEF prior to 119.0.6045.123)
- Is the Creo Parametric Chromium-based embedded browser impacted by the Chromium CVEs listed above?
- Some Creo Parametric installations may be impacted by Creo Ansys Simulation libwebp Critical CVE-2023-4863.
- Is it possible to mitigate the impact of the above CVEs?