Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
https://www.debian.org/security/2023/dsa-5569