A security flaw in numerous applications that can handle the WebP graphics format is currently threatening users worldwide. These include web browsers, graphics apps, and also messengers. We took a look at the vulnerability.
Serious WebP vulnerability
The WebP problem was discovered by Apple. A number of security updates have already been released there that fix the problem. The vulnerability is associated with the code used to render WebP images.
This is a heap buffer overflow vulnerability in the WebP codec, now known as CVE-2023-4863. The vulnerability is already being actively exploited, so an immediate update of all relevant applications that trade WebP is required.
Google, Mozilla, Microsoft, and Brave have also each released critical security patches, reports the online magazine Stack Diary. The patches address the vulnerability that an attacker could use to gain remote access to a PC or execute malicious code.
We have compiled a list of affected software. If you know of any other affected applications, please send us a news alert so that we can add the app to the list.
Critical WebP vulnerability in apps
- Google Chrome version for Windows
- Mozilla Firefox, Mozilla Thunderbird
- Microsoft Edge
- Brave Browser
- 1Password for Mac
- Inkscape (not yet updated)
NIST classifies the vulnerability as serious. The CVE-2023-4863 vulnerability was incorrectly labeled as “Chrome-only” by Miter and other organizations that track CVEs. As a result, many media outlets initially reported that it was only a problem with Google Chrome.
So this vulnerability affects not only web browsers but any software that uses the libwebp library. This includes Electron-based applications, such as Signal. Electron has also already patched the security vulnerability so that the partner projects can now also be updated.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.