WebP Image Threat Requires Immediate Updates for Web Browsers

<p>Hackers have recently started exploiting WebP images in order to compromise computer systems&period; Fortunately&comma; major companies have responded fast by issuing security patches for their web browsers&period; The National Institute of Standards and Technology &lpar;NIST&rpar; has recognized the seriousness of this threat&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-3593" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2020&sol;03&sol;arrow-1773951&lowbar;640&period;png" alt&equals;"" width&equals;"640" height&equals;"285" &sol;><&sol;p>&NewLine;<p>The Apple Security Engineering and Architecture &lpar;SEAR&rpar; team&comma; in collaboration with The Citizen Lab at The University of Toronto’s Munk School&comma; reported this vulnerability on September 6&comma; 2023&period; Google confirmed the existence of an exploit for CVE-2023-4863 in the wild&comma; noting the need for immediate action&period;<&sol;p>&NewLine;<p>It&&num;8217&semi;s important to say that it&&num;8217&semi;s not just web browsers that are affected&semi; other programs using the same technology could also be vulnerable&period; Some of these programs include Signal&comma; 1Password&comma; and more&comma; but they are actively working on fixing the issue&period;<&sol;p>&NewLine;<p>You might ask yourself&comma; what exactly is WebP&quest; Well&comma; it&&num;8217&semi;s a modern image format designed for web-based images&comma; leveraging powerful compression techniques&comma; both lossless and lossy&period; It&&num;8217&semi;s compatible with all the popular web browsers&comma; including Chrome&comma; Firefox&comma; Edge&comma; and Safari&period;<&sol;p>&NewLine;<p>Here&&num;8217&semi;s how the major Web browser players have reacted to the situation&colon;<&sol;p>&NewLine;<p>&&num;8211&semi; Google acted promptly by releasing updates for Google Chrome on various platforms&period;<&sol;p>&NewLine;<p>&&num;8211&semi; Mozilla&comma; the company behind Firefox&comma; also plans to roll out updates&period;<&sol;p>&NewLine;<p>&&num;8211&semi; Apple didn&&num;8217&semi;t lag behind and has promptly issued an update to address this vulnerability&period;<&sol;p>&NewLine;<p>&&num;8211&semi; Other browsers like Brave and Microsoft Edge also confirmed the release of updates&period;<&sol;p>&NewLine;<p>&&num;8211&semi; Electron-based applications&comma; such as Signal and 1Password for Mac&comma; were at risk until they updated their libwebp versions&period;<&sol;p>&NewLine;<p>&&num;8211&semi; Various Linux platforms like Ubuntu&comma; Debian&comma; and SUSE are also actively working on updating their libwebp versions as well&period;<&sol;p>&NewLine;<p>To protect yourself&comma; make sure to update your browsers and affected apps right away&period; If updates still aren&&num;8217&semi;t possible&comma; you can reduce the risk of this exploit by avoiding suspicious websites and downloads&period;<&sol;p>&NewLine;