Security Alert: libwebp. Update all your browsers immediately and stay tuned for other 3rd party software updates [SERIOUS]

TL;DR: All major browsers are vulnerable, but have had patches available for 2 weeks. Please update your browsers ASAP and enable automatic updates if possible. It is suspected other applications are vulnerable and updates will be coming out soon.

Details

There is a bad vulnerability out there right now. 10/10 CVSS severity score. Simply viewing a malicious image allows the attacker to execute malicious code on your machine. Threat intel has observed this vulnerability being exploited in the wild.

Google actually announced and patched this vulnerability 2 weeks ago. All browsers also got patched within a day or two.

The vulnerability is in libwebp, a common library used by many applications, especially those based on Electron. We don't know yet the scope of how many applications out there are actually vulnerable yet, but it looks like it could be a lot. Keep a closer eye on your software updates in the coming weeks and install updates as soon as possible.

Minimum safe browser versions: (But you should update to the latest)

Chrome: 117.0.5938.92

Edge: 117.0.2045.31

Firefox: 117.0.1

Brave: 1.57.64

Opera: 102.0.4880.51

Safari: 16.6.1

Internet Explorer: None, End of Life for years, what are you even doing?

You should also make sure your 7zip is at least version 23 (and of course don't open untrusted archives)

More information:

https://www.reddit.com/r/sysadmin/comments/16teato/ah_f_cvss_100_dropped_absolute_meltdown_incoming/

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

https://blog.isosceles.com/the-webp-0day/

https://www.techradar.com/pro/security/huge-security-breach-affects-chrome-firefox-brave-edge-and-plenty-more-apps-besides-heres-what-you-need-to-know

https://www.msn.com/en-us/news/technology/update-everything-this-critical-webp-vulnerability-affects-major-browsers-and-apps/ar-AA1gWp5Z#image=AA1h6stn|1

If alerts like these are helpful, let me know and I can look into formalizing these announcements in a subreddit like r/CryptoSecurity or a reddit Collection that pings users who subscribe.

submitted by /u/CryptoMaximalist
[link] [comments]

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.

	The Riveting World of Bombay Club
	SOCIAL GOOD 100$ free sign up bonus + 100% Cashback on daily purchases
	Ethereum Expected to Thrive in 2023
	How To Get Started On Cryptocurrency Gaming
	5 Important Features of White Label NFT Marketplace
	How to get started with crypto gambling
	Best 7 Web3 Apps That Pay You Crypto
	6 Must-Have Tools For Crypto Traders
	Can Ethereum 2.0 Be Converted to Cash?
	Cryptocurrency in Gambling: Features and Benefits
	What are the Core Facets of a Successful Cryptocurrency?
	Cost to Develop Your Own Cryptocurrency Website
	EgldRush - The best Elrond NFT project Farming, Staking, Rewarding
	Choosing a Safe Cryptocurrency Exchange 2022
	Let's Talk About Security in Crypto

Security Alert: libwebp. Update all your browsers immediately and stay tuned for other 3rd party software updates [SERIOUS]

Details

Comments

Categories

Tags

Subscribe

Details

Related Posts

Comments