
Severe vulnerability found in all browsers, and it’s being attacked



Posted

From PC World:

A severe vulnerability has been found in libwebp, a code library used to render webp images, reports Stack Diary. Webp is a popular image format used by many sites on the Internet – but also by apps and some other software that use web views – and the vulnerability can be used, among other things, to run malicious code on affected devices. Worse yet, it is reportedly being actively exploited by malicious attackers.



The vulnerability has been labelled CVE-2023-4863 and is considered extremely serious. Major browsers such as Chrome, Edge, Firefox, Opera, Vivaldi, and Brave have already released security fixes. To make sure you have the latest version of a browser, go to Help > About (browser name) in its options menu. If a new update is available, it should then download automatically.

 

If you haven't updated your browser, check for updates now!

  • Like 1
  • Thanks 2
Posted

Fixed in Debian firefox-esr two days ago:

Quote

Package : firefox-esr

CVE ID : CVE-2023-4863

A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 102.15.1esr-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 102.15.1esr-1~deb12u1.

 

  • Like 1
Posted

The same CVE also affected Thunderbird apparently. It was fixed in Debian yesterday.

  • Like 2
Posted

libwebp packages also just upgraded in Debian Bullseye, same CVE:

 

Quote

- -------------------------------------------------------------------------

Debian Security Advisory DSA-5497-2 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

September 17, 2023 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

Package : libwebp

CVE ID : CVE-2023-4863

A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 0.6.1-2.1+deb11u2.

 

  • 2 weeks later...
Posted
48 minutes ago, crp said:

and here comes Firefox's latest security patch

The patch was released last Thursday.

 

  • Like 1
