Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Update Everything: This Critical WebP Vulnerability Affects Major Browsers and Apps

MakeUseOf: “A major vulnerability, CVE-2023-4863, can give hackers remote access to your whole system. Here’s what to do. A critical vulnerability in the WebP Codec has been discovered, forcing major browsers to fast-track security updates. However, widespread use of the same WebP rendering code means countless apps are also affected, until they release security patches. So what is the CVE-2023-4863 vulnerability? How bad is it? And what can you to? What Is the WebP CVE-2023-4863 Vulnerability? The issue in the WebP Codec has been named CVE-2023-4863. The root lies within a specific function of the WebP rendering code (the “BuildHuffmanTable”), making the codec vulnerable to heap buffer overflows. A heap buffer overload occurs when a program writes more data to a memory buffer than it’s designed to hold. When this happens, it can potentially overwrite adjacent memory and corrupt data. Worse still, hackers can exploit heap buffer overflows to take over systems and devices remotely. Hackers can target apps known to have buffer overflow vulnerabilities and send them malicious data. For example, they could upload a malicious WebP image that deploys code on the user’s device when they view it in their browser or another app. This kind of vulnerability existing in code as widely used as the WebP Codec is a serious issue. Aside from major browsers, countless apps use the same codec to render WebP images. At this stage, the CVE-2023-4863 vulnerability is too widespread for us to know how big it really is and the cleanup is going to be messy…”

Sorry, comments are closed for this post.