Article - CS403605

Google Chrome browser's multiple CVEs - Impact on Creo Parametric family of products

Modified: 09-Sep-2024   


Applies To

  • Creo Parametric 3.0 M010 to 10.0
  • Creo Simulate 3.0 M010 to 7.0
  • Creo Direct 3.0 M010 to 7.0
  • Creo Layout 3.0 M010 to 7.0
  • Creo+
  • Creo Elements/Direct Drafting 20.2
  • Creo Elements/Direct Modeling 20.2
  • Embedded Chromium-based browser
  • CEF (Chromium Embedded Framework) prior to CEF 119.0.6045.123
  • libwebp software library prior to version 1.3.2
  • Creo Render Studio
  • Creo Options Modeler

Description

  • Google Chrome browser's multiple CVEs -- Impact on Creo Parametric family of products using CEF (Chromium Embedded Framework)
    • CVE-2023-4863: Zero-day or Zero-click - Heap buffer overflow in libwebp (in Google Chrome CEF prior to 116.0.5845.187)
    • CVE-2023-5217: Zero-day - Heap buffer overflow in libvpx (in Google Chrome CEF prior to 117.0.5938.132)
    • CVE-2023-5218: Use after free in Site Isolation (in Google Chrome CEF prior to 118.0.5993.70)
    • CVE-2023-5996: Use after free in WebAudio (in Google Chrome CEF prior to 119.0.6045.123)
  • Is the Creo Parametric Chromium-based embedded browser impacted by the Chromium CVEs listed above?
  • Some Creo Parametric installations may be impacted by the Critical libwebp CVE-2023-4863 in Creo Ansys Simulation.
  • Is it possible to mitigate the impact of the above CVEs?