Update your browsers ASAP

2023-09-14 By admin

In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a significant vulnerability that could potentially allow attackers to infiltrate your computer and execute malicious code.

What’s even more concerning is that these vulnerabilities have already been exploited in real-world scenarios, prompting swift responses from these tech giants.

The National Institute of Standards and Technology (NIST) has classified this vulnerability as severe, emphasizing the urgency of updating your software.

The National Institute of Standards and Technology (NIST) classifies this vulnerability as severe

The vulnerability details

This vulnerability is associated with the rendering of WebP images, a widely used format on the web. Attackers have leveraged this weakness to compromise systems, making it imperative for users to take action.

Here are the specific software versions that contain the necessary fixes:

What is Webp?

Webp is a contemporary image format that has been gaining popularity due to its compact size and efficiency. Unlike traditional image formats like PNG and JPEG, Webp uses advanced compression techniques to reduce the file size without sacrificing image quality. This makes it particularly useful for websites and applications where fast loading times and low data usage are important.

Webp supports both lossy and lossless compression, allowing users to choose between a smaller file size or a higher level of detail in their images. Additionally, Webp includes features such as animation support, transparency, and Exif metadata, making it a versatile option for a wide range of use cases.

Popular browsers released security patches against Webp vulnerability — Webp uses advanced compression techniques to reduce file size, making it faster than PNG and JPEG

Beyond browsers

The scope of this vulnerability extends beyond just browsers. Stack Diary also highlights that Electron-based applications like the encrypted messaging app Signal and Bandisoft’s Honeyview have issued patches for this issue.

Furthermore, numerous other applications, including Affinity, Gimp, LibreOffice, Telegram, many Android applications, and even “cross-platform apps built with Flutter,” are at risk.

Apple has also stepped in by releasing a security patch that appears to address a similar issue. Although it references a different issue number on the NIST site, it underscores the widespread concern within the tech industry regarding this vulnerability.