Hackers have recently started exploiting WebP images in order to compromise computer systems. Fortunately, major companies have responded fast by issuing security patches for their web browsers. The National Institute of Standards and Technology (NIST) has recognized the seriousness of this threat.
The Apple Security Engineering and Architecture (SEAR) team, in collaboration with The Citizen Lab at The University of Toronto’s Munk School, reported this vulnerability on September 6, 2023. Google confirmed the existence of an exploit for CVE-2023-4863 in the wild, noting the need for immediate action.
It’s important to say that it’s not just web browsers that are affected; other programs using the same technology could also be vulnerable. Some of these programs include Signal, 1Password, and more, but they are actively working on fixing the issue.
You might ask yourself, what exactly is WebP? Well, it’s a modern image format designed for web-based images, leveraging powerful compression techniques, both lossless and lossy. It’s compatible with all the popular web browsers, including Chrome, Firefox, Edge, and Safari.
Here’s how the major Web browser players have reacted to the situation:
– Google acted promptly by releasing updates for Google Chrome on various platforms.
– Mozilla, the company behind Firefox, also plans to roll out updates.
– Apple didn’t lag behind and has promptly issued an update to address this vulnerability.
– Other browsers like Brave and Microsoft Edge also confirmed the release of updates.
– Electron-based applications, such as Signal and 1Password for Mac, were at risk until they updated their libwebp versions.
– Various Linux platforms like Ubuntu, Debian, and SUSE are also actively working on updating their libwebp versions as well.
To protect yourself, make sure to update your browsers and affected apps right away. If updates still aren’t possible, you can reduce the risk of this exploit by avoiding suspicious websites and downloads.