Attention, internet users: A critical WebP vulnerability is putting a wide range of web browsers and applications at risk. This security flaw allows attackers to potentially take control of your system and steal sensitive data. Google has confirmed that the issue is currently being exploited. However, the issue extends far beyond Google Chrome, affecting multiple platforms.
First off, what is WebP? It’s a modern image format that provides superior lossless and lossy compression for images on the web. A critical vulnerability in the WebP codec can trigger a heap buffer overflow.
WebP Vulnerability Capabilities:
According to a report by Stackdiary, the heap buffer overflow vulnerability could potentially allow attackers to:
- Execute malicious code
- Steal your data
- Install malware
For those interested in the technical details, the vulnerability has been designated as CVE-2023-4863. It’s crucial to note that the flaw affects any application that uses the libwebp library for rendering WebP images. This makes the vulnerability far-reaching, affecting a multitude of software across different platforms and usage scenarios.
Affected Applications: It’s Not Just Chrome!
While many are quick to point fingers at Google Chrome, the issue is far more widespread. Here’s a list of some other affected applications:
- Web Browsers: Firefox, Brave, Edge
- Design Software: Affinity, GIMP, Inkscape
- Office Suites: LibreOffice
- Communication Apps: Telegram, Signal, Thunderbird
- Password Managers: 1Password
- Media Software: FFmpeg
Security updates have already been rolled out for Chrome, Firefox, Brave, and Edge. Other Chromium-based browsers are expected to follow suit. Patches for frameworks like Electron have also been released.
How to Protect Yourself
To safeguard against this vulnerability, it is strongly advised to update your web browser and all other applications that are known to be affected. Keeping your software up to date is not merely about having the latest features but is a critical aspect of your digital security. Additionally, it’s wise to stay abreast of developments related to this vulnerability. This applies especially to Android users, as the issue also pertains to the Android operating system.
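Because the flaw sits in libwebp rather than in any one browser, it helps to know which installed or running software carries a copy of the library. The following is an added example, not code from the original article or from any vendor: it lists libwebp shared-library files under a set of directories and, on Linux, the processes that still have a copy mapped, flagging copies that were replaced on disk while the process kept running. The search roots are assumptions, and applications that compile libwebp into their own binary will not show up in a file-name search.

```python
import os
import re

# Shared-library file names for libwebp and its siblings (libwebpdemux, ...).
LIBWEBP_RE = re.compile(r"^libwebp[\w.\-]*\.(so(\.\d+)*|dll|dylib)$", re.I)
DELETED = " (deleted)"  # suffix Linux shows when a mapped file was unlinked

def find_libwebp_files(roots):
    """Return sorted paths of libwebp library files found under the roots."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits += [os.path.join(dirpath, f) for f in files if LIBWEBP_RE.match(f)]
    return sorted(hits)

def libs_in_maps(maps_text):
    """Parse one /proc/<pid>/maps listing into {(path, stale)} for libwebp."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode path
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        stale = path.endswith(DELETED)
        if stale:
            path = path[: -len(DELETED)]
        if LIBWEBP_RE.match(os.path.basename(path)):
            found.add((path, stale))
    return found

def running_processes(proc="/proc"):
    """Map pid -> libwebp mappings for every readable process (Linux only)."""
    result = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                libs = libs_in_maps(fh.read())
        except OSError:
            continue  # process exited or belongs to another user
        if libs:
            result[int(pid)] = libs
    return result

if __name__ == "__main__":
    for path in find_libwebp_files(["/usr/lib", "/opt"]):  # assumed roots
        print("on disk:", path)
    if os.path.isdir("/proc/self"):
        for pid, libs in sorted(running_processes().items()):
            for path, stale in sorted(libs):
                print(pid, path, "RESTART NEEDED" if stale else "")
```

A process marked as needing a restart is still running the old copy of the library even though the file on disk has been updated.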