AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

What’s new: An AI agent has discovered 21 zero-day vulnerabilities in FFmpeg, a widely used media library, with some bugs dating back as far as 2003. In a separate update, Google released Chrome 149, addressing a record 429 security vulnerabilities, including critical issues in the ANGLE graphics engine.

Who’s affected

Users and organizations utilizing FFmpeg in their media processing pipelines and those using Chrome browsers are affected. The vulnerabilities in FFmpeg could impact any application that relies on this library for video processing.

What to do

• For FFmpeg, update to the latest version as soon as it becomes available from your distribution or pull the fixed upstream build. Prioritize updates for any systems that handle untrusted RTSP or AV1-over-RTP streams.
• For Chrome, ensure that your browser is updated to version 149.0.7827.53 on Linux or 149.0.7827.53/54 on Windows and macOS, or verify that auto-update has completed successfully.
• Implement shorter patch cycles and prioritize auto-updates for all software components to keep pace with the increasing volume of vulnerabilities.

Sources

• The Hacker News