https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla, to expedite the release of updates to address the issue.
⚠️ Important: Let me make it perfectly clear that this vulnerability doesn't just affect web browsers; it affects any software that uses the libwebp library. This includes Electron-based applications, for example, Signal. Electron patched the vulnerability yesterday. Also, software like Honeyview (from Bandisoft) released an update to fix the issue. CVE-2023-4863 was falsely marked as Chrome-only by Mitre and other organizations that track CVEs, and 100% of media reported this issue as "Chrome only", when it's not.
The root of the issue lies within the "BuildHuffmanTable" function, which was first introduced in 2014; the function is used to verify if the data is accurate. The vulnerability can occur when more memory is allocated if the table isn't sufficiently large for valid data.
Hope you updated your browser before loading rdrama today, bros.
this neighbor be trippin fr
I got webp image previews working with lf so I don't really care anymore to hate webp.
Webp is a dope format, I get hard every time I compress a jpeg with it.
Die
Enjoy your 20mb webpages, you are digitally fat.