The vulnerability lies in the libwebp code library created by Google in 2010 to generate webp images. This format is widely used in applications, operating systems and code libraries. Google initially issued a security alert that mistakenly attributed the vulnerability solely to Chrome.
This vulnerability allows attackers to execute malicious code while viewing a booby-trapped webp image.
The new Google post, tracked as CVE-2023-5129, correctly lists libwebp as the vendor and software affected by the vulnerability. Severity rating increased from 8.8 to 10 out of 10.
Despite the statement, many applications, including Microsoft Teams, were not patched.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
