In a race against the clock to protect user security, major browser vendors, including Google and Mozilla, have rushed to release critical updates in response to a critical vulnerability discovered in the WebP Codec.
This newly discovered vulnerability with the identifier CVE-2023-4863 has sent shockwaves throughout the cybersecurity community due to its exploitability.
Nature of the Vulnerability
The security flaw identified and designated the identifier CVE-2023-4863 is a heap buffer overflow in libwebp.
An attacker could exploit this vulnerability through a malicious WebP image, posing a significant risk.
Popular web browsers such as Google Chrome and Mozilla Firefox utilize this image format due to its efficient image compression capabilities.
Google created WebP, a contemporary image format renowned for its superior lossless and lossy compression capabilities, which make it ideal for web images.
Its size and performance advantages, which surpass traditional formats such as PNG and JPEG, have led to its widespread adoption.
A user opening a tainted image could potentially initiate a heap buffer overflow within the content process, leading to the execution of arbitrary code or system compromise.
This emphasizes the importance of addressing this issue as soon as possible to prevent further abuse and shield users from potential harm.
The problem can be traced back to the “BuildHuffmanTable” function, which is used to check that data is correct. In particular, the bug happens when more memory is given if the table turns out to be too small for correct data.
With DoControl, you can keep your SaaS applications and data safe and secure by creating workflows tailored to your needs. It’s an easy and efficient way to identify and manage risks. You can mitigate the risk and exposure of your organization’s SaaS applications in just a few simple steps.
Swift Responses from Major Browsers
Google showed how quickly it could act by making important changes to its Stable and Extended stable channels.
These important changes, which have the version numbers 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, have already been put in place and will be rolled out gradually over the next few days and weeks.
Mozilla is also being strategic, and it plans to release its update in Firefox version 117.0.1 to protect its large number of users.
Apple has also sent out an update that fixes this flaw, which is a big deal.
This weakness was found on September 6, 2023, when the Apple Security Engineering and Architecture (SEAR) team and The Citizen Lab at the University of Toronto’s Munk School reported it in a responsible way.
Google and Mozilla also confirmed that a live exploit for CVE-2023-4863 is out in the wild. This shows how urgent the situation is.
User Vigilance Advised
Users are strongly encouraged to update their computers as soon as possible so they can use these important security patches.
The proactive steps browser makers take to keep the internet experience safe and reliable show how much everyone wants to keep it that way.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.