• Critical WebP bug: many apps, not just browsers, under threat

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Critical WebP bug: many apps, not just browsers, under threat



    The heap buffer overflow (CVE-2023-4863) vulnerability in the WebP Codec is being actively exploited in the wild.

    A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla, to expedite the release of updates to address the issue.

    Update (9/13/2023): So far the Web Browsers that have confirmed a fix and released an update include: Google Chrome[1], Mozilla Firefox[2], Brave[3], and Microsoft Edge[4]. If your browser of choice is using Chromium then expect an update to already be rolled out or will be done shortly.

    ⚠️ Important: Let me make it perfectly clear that this vulnerability doesn’t just affect web browsers, it affects any software that uses the libwebp library…

    Who uses libwebp? There are a lot of applications that use libwebp to render WebP images, I already mentioned a few of them, but some of the others that I know include: Affinity (the design software), Gimp, Inkscape, LibreOffice, Telegram, Thunderbird (now patched), ffmpeg, and many, many Android applications as well as cross-platform apps built with Flutter.

    Update (9/14/2023): 1Password for Mac have released an update to address the issue. 1Password (like many others) is an application built with Electron, and until all these apps upgrade to the latest version – they are considered vulnerable based on the severity of the bug…

    • This topic was modified 2 months, 3 weeks ago by Alex5723.
    4 users thanked author for this post.
    Viewing 12 reply threads
    Viewing 12 reply threads
    Reply To: Critical WebP bug: many apps, not just browsers, under threat

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: