
A security flaw in numerous applications that can handle the WebP graphics format is currently threatening users worldwide. These include web browsers, graphics apps and also messengers. We took a look at the vulnerability.
Serious WebP vulnerability
The WebP problem was discovered by Apple. A number of security updates have already been released there that fix the problem. The vulnerability is associated with the code used to render WebP images.
This is a heap buffer overflow vulnerability in the WebP codec, now known as CVE-2023-4863. The vulnerability is already being actively exploited, so an immediate update of all relevant applications that handle WebP is required.
Google, Mozilla, Microsoft and Brave have also each released critical security patches, reports the online magazine Stack Diary. The patches address the vulnerability that an attacker could use to gain remote access to a PC or execute malicious code.
We have compiled a list of affected software. The list is linked to the programs in the WinFuture download area, so you can download the current versions straight away. If you know of any other affected applications, please send us a news tip so that we can add the app to the list.
Critical WebP vulnerability in apps
NIST classifies the vulnerability as serious. CVE-2023-4863 was incorrectly labeled as “Chrome-only” by MITRE and other organizations that track CVEs. As a result, many media outlets initially reported that it was a problem affecting only Google Chrome.
So this vulnerability affects not only web browsers, but any software that uses the libwebp library. This includes Electron-based applications, such as Signal. Electron has also already patched the security vulnerability so that the partner projects can now also be updated.
- Security flaw in applications that use WebP graphics format threatens users
- Apple discovers problem and releases security updates
- Heap buffer overflow vulnerability in the WebP codec known as CVE-2023-4863
- Vulnerability allows attackers to access PCs and execute malicious code
- Affected software includes Google Chrome, Firefox, Microsoft Edge, Brave Browser and more
- NIST classifies security vulnerability as serious