
WebP codec vulnerability: List of The Affected Browsers and Apps

A security flaw in numerous applications that can handle the WebP graphics format is currently threatening users worldwide. These include web browsers, graphics apps, and also messengers. We took a look at the vulnerability.

Serious WebP vulnerability

The WebP problem was discovered by Apple, which has already released a number of security updates that fix it. The vulnerability lies in the code used to render WebP images.

This is a heap buffer overflow vulnerability in the WebP codec, now known as CVE-2023-4863. The vulnerability is already being actively exploited, so all applications that handle WebP need to be updated immediately.

Google, Mozilla, Microsoft, and Brave have also each released critical security patches, reports the online magazine Stack Diary. The patches address the vulnerability that an attacker could use to gain remote access to a PC or execute malicious code.

We have compiled a list of affected software. If you know of any other affected applications, please send us a news alert so that we can add the app to the list.

Critical WebP vulnerability in apps

  • Google Chrome version for Windows
  • Mozilla Firefox, Mozilla Thunderbird
  • Microsoft Edge
  • Brave Browser
  • Waterfox
  • 1Password for Mac
  • Signal
  • Honeyview
  • Affinity
  • GIMP
  • Inkscape (not yet updated)
  • LibreOffice
  • Telegram

NIST classifies the vulnerability as serious. The CVE-2023-4863 vulnerability was incorrectly labeled as “Chrome-only” by MITRE and other organizations that track CVEs. As a result, many media outlets initially reported that it was only a problem with Google Chrome.

The vulnerability therefore affects not only web browsers but any software that uses the libwebp library. This includes Electron-based applications, such as Signal. Electron has also already patched the vulnerability, so projects built on it can now be updated as well.