13 popular applications have serious security vulnerabilities, users need to update immediately
The discovered security vulnerability codenamed CVE-2023-4863 is related to heap buffer overflow in WebP due to programs and applications not managing memory well and allowing important system data to be overwritten.
If hackers successfully exploit the vulnerability, they can remotely take control of the system and launch larger-scale attacks.
This is a huge vulnerability because practically every software program or application that uses libwebp to display WebP images has problems.
The vulnerability affects a series of popular applications and OTT software such as Google Chrome, Mozilla Firefox, Microsoft Edge, Affinity, Gimp, Inkscape, LibreOffice, Thunderbird, ffmpeg, Honeyview, Telegram, Signal and 1Password.
In addition, the existence of WebP vulnerabilities also exists in many Android applications as well as cross-platform applications built with Flutter.
Google has confirmed the existence of the WebP vulnerability and has urgently released the Google Chrome 116 update to patch it.
Experts recommend that users who are using any of the applications mentioned in this article should update the software to the latest version immediately to keep their devices safer.
Apple's Security Architecture and Engineering (SEAR) team discovered and reported the WebP vulnerability in collaboration with The Citizen Lab on September 6, 2023.
You should read it
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Zalo PC has a serious RCE error, you should be careful when receiving attachments
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability
- New privilege escalation vulnerability called 'Dirty Pipe' is threatening all Linux distros
- Critical Vulnerability Discovered in 3 WordPress Plugins, Affects 84,000 Websites
- Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
- The NSA issued an urgent warning about a critical vulnerability appearing in Windows servers
- Detected critical zero-day vulnerability on Adobe Reader
- AMD CPUs also have security vulnerabilities that have existed for many years now!
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
Maybe you are interested
There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Google Workspace security vulnerability caused thousands of user accounts to be attacked
Thousands of iOS apps could be at risk because of an open source vulnerability
Serious vulnerability in OpenSSH threatens millions of servers
Google releases emergency update to patch Chrome vulnerability