Currently, browsing the internet poses a significant risk of potential hacking due to the emergence of a critical security vulnerability. This vulnerability exposes your computer to unauthorized access, potentially resulting in the installation of malicious software, data theft, or even full control of your system.
Reported by Stack Diary, the root of this issue lies in a vulnerability within WebP, a widely used image codec on the internet. In simpler terms, this vulnerability, known as a “heap buffer overflow,” allows malicious actors to overwrite data on your computer with their own code. They exploit this weakness by crafting a malicious WebP image. Once you view this image, it can potentially scrape your data, implant malware on your device, or even seize control of your system.
The concerning aspect is that this codec is pervasive, affecting numerous programs. Electron-based apps like Signal and 1Password, as well as applications using the lbwebp library such as Affinity, Gimp, Inkscape, LibreOffice, Telegram, Thunderbird, and ffmpeg, are among those impacted. Additionally, this vulnerability extends to many Android apps and apps developed using Flutter.
However, perhaps the most alarming aspect of this vulnerability is its impact on web browsers. If you use Safari, Chrome, Firefox, Brave, Microsoft Edge, or even Tor, your browser is susceptible to this WebP-related issue.
Fortunately, major browser providers have responded swiftly by issuing security patches since the discovery of this vulnerability. For instance, Apple released security updates for all currently supported devices last week, followed by security patches for older devices on Monday, specifically to address this issue. If you own an Apple device and have not yet updated to the latest software version, it is crucial to do so as soon as possible.
Here are the software version numbers for other major browsers:
- Chrome: 116.0.5846.187 (Mac and Linux), 116.0.5845.187/.188 (Windows)
- Mozilla: Firefox 117.0.1, Firefox ESR 102.15.1, Firefox ESR 115.2.1
- Edge: 116.0.1938.81
- Brave: 1.57.64
