Current Description
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Comment on UPDATE YOUR BROWSERS IMMEDIATELY. RCE VULNERABILITY DISCOVERED
cheese_greater@lemmy.world 11 months ago
What actual like platforms does this affect and to what extent tho? Like Mac (probably not iOS which is WebKit)?
Th3D3k0y@lemmy.world 11 months ago
cheese_greater@lemmy.world 11 months ago
By crafter webpage, does it mean it refers to anything like phishing or something a more savvy user wouldn’t likely “fall for” or does that actually not matter (zero-day or whatever)
Feathercrown@lemmy.world 11 months ago
Looks like it can do RCE without use interaction other than visiting the page-- not good!
Phen@lemmy.eco.br 11 months ago
Discord, slack, MS Teams, Steam, pretty much anything. But most of them have already fixed it so if you let stuff update itself frequently, there’s little risk.
GamingChairModel@lemmy.world 11 months ago
Apple also released urgent out-of-band security patches for iOS and MacOS around the same time, and disclosed that it had something to o do with imag processing. Unclear whether they use libwebp or some other implementation, but they disclosed that it was being actively exploited on iPhones.
towerful@programming.dev 11 months ago
I’ve read elsewhere it’s actually a problem with libwebp not just chrome.
Basically, anything that relies on libwebp (ie can play libwebp) is vulnerable.
snyk.io/blog/critical-webp-0-day-cve-2023-4863/
cheese_greater@lemmy.world 11 months ago
I wonder if it applies to devices using LockDown mode, thats shuts down a lot of nonsense in its own right…
towerful@programming.dev 11 months ago
techtarget.com/…/Browser-companies-patch-critical…
cheese_greater@lemmy.world 11 months ago
Good, I’m so fucking tired of this bullshit.