Comment

Comment on UPDATE YOUR BROWSERS IMMEDIATELY. RCE VULNERABILITY DISCOVERED

I’ve read elsewhere it’s actually a problem with libwebp not just chrome.
Basically, anything that relies on libwebp (ie can play libwebp) is vulnerable.
snyk.io/blog/critical-webp-0-day-cve-2023-4863/

source

Sort:hotnew top

cheese_greater@lemmy.world ⁨1⁩ ⁨year⁩ ago
I wonder if it applies to devices using LockDown mode, thats shuts down a lot of nonsense in its own right…

source
- towerful@programming.dev ⁨1⁩ ⁨year⁩ ago
  techtarget.com/…/Browser-companies-patch-critical…
  
  Citizen Lab said Blastpass was discovered on the device of an employee with “a Washington DC-based civil society organization” and that it could be mitigated by Apple’s Lockdown Mode. An investigation into the exploit chain continues, but researchers said it involved “PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.”
  
  source
  - cheese_greater@lemmy.world ⁨1⁩ ⁨year⁩ ago
    Good, I’m so fucking tired of this bullshit.
    
    source
    towerful@programming.dev ⁨1⁩ ⁨year⁩ ago
    Nah, this bullshit is progress.
    The root of this problem has always existed. Exploits have always been there, mistakes have always been there. These things are fundamentally unavoidable.
    Acknowledging then, documenting them is new. Sensible disclosure is new. Companies paying for these bug bounties before they are publicly disclosed (so they can be fixed) is new.
    And it’s awesome. It’s security. It’s people working together for the betterment of everyone.
    
    It would be amazing if people didn’t make mistakes. But that isn’t possible.
    Openess, honesty and quickly remedying of issues is possible, and it’s laudable.
    
    So yeh, next time you get an annoying update that interrupts you’re workflow. Please understand the work and reason behind the update. You can still be pissed at the interruption, but please appreciate the human reason for it.
    
    source
    -> View More Comments