October 4, 2023

Taylor Daily Press

Complete News World

Malicious WebP files infect Chrome and other browsers

Malicious WebP files infect Chrome and other browsers

All major browsers had to roll out a security patch this week. Hackers insert malicious code into WebP files to compromise memory.

The vulnerability has been named CVE-2023-4863 Although the result has not yet been calculated, NIST considers the error very serious. Google also warns against misuse of the vulnerability. Attackers create malicious WebP files to create a Heap buffer overflow To cause. The WebP protocol is a popular standard for uploading media files to web pages. Google introduced WebP around 2010 to make attachments lighter and improve website loading times.

Hackers who want to exploit the vulnerability attempt to fill WebP files with as much malicious code as possible to cause the browser’s memory to “overflow” when the file is loaded. The “good” code is then replaced with malicious code that allows attackers to take control of your device.

quick answer

Fortunately, there was a quick and unanimous response from the browser. The patches released this week highlight the extent of the vulnerability. It was Google on Monday the first Which rolled out an update to Chrome, followed this week by Microsoft, Mozilla, and Brave.

To be able to download WebP files with confidence, the above browsers must be updated to the following versions:

  • Google Chrome: 116.0.5845.187/.188 (Windows) or 116.0.5846.187 (Mac/Linux)
  • Firefox: Version 117.0.1
  • Microsoft Edge: Version 116.0.1938.81
  • Brave: Version 1.57.64

The impact of the vulnerability extends beyond the browser landscape. Messaging apps Signal and Telegram also had to roll out an emergency patch this week, just like Microsoft 365 competitor LibreOffice.