Update your browsers ASAP

Emre Çitak
Sep 14, 2023
Browsers, Security

In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a significant vulnerability that could potentially allow attackers to infiltrate your computer and execute malicious code.

What's even more concerning is that this vulnerability has already been exploited in real-world scenarios, prompting swift responses from these tech giants.

The National Institute of Standards and Technology (NIST) has classified this vulnerability as severe, emphasizing the urgency of updating your software.


The vulnerability details

This vulnerability is associated with the rendering of WebP images, a widely used format on the web. Attackers have leveraged this weakness to compromise systems, making it imperative for users to take action.

Here are the specific software versions that contain the necessary fixes:

What is WebP?

WebP is a contemporary image format that has been gaining popularity due to its compact size and efficiency. Unlike traditional image formats like PNG and JPEG, WebP uses advanced compression techniques to reduce the file size without sacrificing image quality. This makes it particularly useful for websites and applications where fast loading times and low data usage are important.

WebP supports both lossy and lossless compression, allowing users to choose between a smaller file size or a higher level of detail in their images. Additionally, WebP includes features such as animation support, transparency, and Exif metadata, making it a versatile option for a wide range of use cases.
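
As an added illustration (not code from the article or from any WebP library), the sketch below walks the RIFF container that carries a WebP image and reports the features named above: lossy (`VP8 `) or lossless (`VP8L`) data, animation, transparency and Exif. The function and sample names are assumptions made for the example, and the sample files are constructed headers with no real pixel data.

```python
import struct

# Feature bits in the first payload byte of the extended-format VP8X chunk.
VP8X_FLAGS = {0x02: "animation", 0x08: "exif", 0x10: "alpha"}

def _walk(data, pos, end, info):
    """Visit each chunk in data[pos:end], refusing any chunk that overruns it."""
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if body + size > end:
            raise ValueError(f"chunk {fourcc!r} overruns its container")
        info["chunks"].append(fourcc.decode("ascii", "replace"))
        if fourcc == b"VP8 ":
            info["compression"].add("lossy")
        elif fourcc == b"VP8L":
            info["compression"].add("lossless")
        elif fourcc == b"VP8X" and size >= 1:
            info["features"] |= {n for bit, n in VP8X_FLAGS.items() if data[body] & bit}
        elif fourcc == b"ANMF" and size >= 16:
            # An animation frame: 16 bytes of frame parameters, then nested chunks.
            _walk(data, body + 16, body + size, info)
        pos = body + size + (size & 1)  # chunk payloads are padded to even length

def webp_features(data: bytes) -> dict:
    """Report the compression modes and features a WebP file declares."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a RIFF/WEBP container")
    declared_end = 8 + struct.unpack_from("<I", data, 4)[0]
    info = {"compression": set(), "features": set(), "chunks": []}
    # Never read past the buffer, whatever size the header declares.
    _walk(data, 12, min(len(data), declared_end), info)
    return info

# --- constructed sample files (headers only, no real pixel data) ---
def chunk(fourcc, payload):
    return fourcc + struct.pack("<I", len(payload)) + payload + b"\x00" * (len(payload) & 1)

def riff(*chunks):
    body = b"WEBP" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

LOSSLESS = riff(chunk(b"VP8L", b"\x2f" + bytes(4)))
EXTENDED = riff(chunk(b"VP8X", bytes([0x10 | 0x08]) + bytes(9)),
                chunk(b"VP8 ", bytes(10)), chunk(b"EXIF", b"x"))
ANIMATED = riff(chunk(b"VP8X", bytes([0x02]) + bytes(9)),
                chunk(b"ANMF", bytes(16) + chunk(b"VP8L", b"\x2f" + bytes(4))))

if __name__ == "__main__":
    for name, blob in [("lossless", LOSSLESS), ("extended", EXTENDED), ("animated", ANIMATED)]:
        print(name, webp_features(blob))
```

A file whose chunk sizes do not fit inside the container is rejected with `ValueError` instead of being read past its end.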


Beyond browsers

The scope of this vulnerability extends beyond just browsers. Stack Diary also highlights that Electron-based applications like the encrypted messaging app Signal and Bandisoft's Honeyview have issued patches for this issue.


Furthermore, numerous other applications, including Affinity, GIMP, LibreOffice, Telegram, many Android applications, and even "cross-platform apps built with Flutter," are at risk.

Apple has also stepped in by releasing a security patch that appears to address a similar issue. Although it references a different issue number on the NIST site, it underscores the widespread concern within the tech industry regarding this vulnerability.


Comments

  1. 11r20 said on September 14, 2023 at 4:26 pm

    @Tom Hawack quote: “So : where are the responsibilities here, site admins or Softonic? What the hell is going on? Beyond technical matters, fixing-up feasibility, there is plain, civilized politeness, I mean you don’t let this crappy comments’ management perpetuate without a word of explanation.”

    I’m thinkin A: Softonic is perpetuating a ‘wild-west-atmosphere’? or B: They just ‘don’t give a damn’…

    Either way, It’s a shame to see this company openly abuse long time ‘ghacks’ Contributors and Readers by not correcting these ongoing ‘comment-issues’.

    Thank You So Much, to ‘Everyone’ that has commented here over the years ((( I Really Enjoyed All-Y’all )))

    1. Tom Hawack said on September 14, 2023 at 5:14 pm

      Article Title: Update your browsers ASAP
      Article URL: [https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/]

      @11r20, maybe hypothesis (B) applies. And it wouldn’t be here only that not giving a damn is spreading as if becoming a new standard of dialog. People applying for a job most of the time get no answer, developers (on GitHub as elsewhere) not replying to a precise question, visitors not acknowledging the answer to a question they have themselves formulated, and so on and so on. Makes me feel like living in a ghost world sometimes, or in a town when a hurricane is announced and everyone is barricaded in their homes. Dialogs are vanishing, people talk and write less and less, I discover extensions, scripts for instance where not one word of what their work performs, it’s just laying the minimum and then going silently out of scope. Where is this world leading to? Debates, dialogs, sharing our experiences, human relationships is the very blood of body humanity! Good Lord.

      With you and I presume with many others I’ll say and write : “Thank You So Much, to ‘Everyone’ that has commented here over the years ((( I Really Enjoyed All-Y’all )))”. Let’s carry on. But concerning Ghacks we’ll need comments being respected by whom ever is responsible.

  2. Anonymous said on September 14, 2023 at 4:00 pm

    How come so many different pieces of software have the same issue? Do they all use the same code to handle webp? Or is it an issue with the webp standard itself?

  3. Long time reader said on September 14, 2023 at 11:00 am

    Article Title: Update your browsers ASAP
    Article URL: [https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/]

    The writing style in this article is quite different to the writing style in most other articles by the same author which implies a different AI generator/configuration is being used.

    Can gHacks please disclose which authors are AI and which are human? If you really think AI authors are beneficial to the site then you should have no problem disclosing it. And if real authors are being incorrectly accused as AI by multiple commenters then you should be defending them, link to their past journalism, etc.

    Personally I’m going to stop viewing this site soon if the comments don’t get fixed and the AI authors aren’t disclosed and can’t be filtered. It’ll be sad to let the site go but it has gone downhill dramatically. Martin do you still have editorial control?

    1. said on September 14, 2023 at 2:14 pm

      The article [/2023/09/14/chrome-firefox-and-brave-releases-security-patches/] contradicts itself in several places – so it’s hardly surprising people are suspicious.

      If you are noticing inaccuracies, with your comments erroneously appearing in the wrong threads, etc., you can contact Softonic International, S.A., the Data Controller, and exercise your legal rights regarding the right to rectification.

      1. Tom Hawack said on September 14, 2023 at 3:30 pm

        Article Title: Update your browsers ASAP
        Article URL: [https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/]

        @said, @Long time reader was referring to the article’s style whilst you mention contradictions within the article. May I ask you what contradictions? Nothing to do with qualifying or disqualifying the author, just to know (English is not my mother-tongue)

        Regarding the gigantic database mix-up which leads to comments erroneously appearing in the wrong threads, this has been lasting for over a month perhaps. Annoying. But this concerns visitors’ comments localization, not their comments being modified, so I don’t understand in what rectification is concerned. Whatever, Softonic seems not at all tonic in repairing what must be repaired, moreover not a word from Ghacks administrators regarding this ridiculous mismatch. So : where are the responsibilities here, site admins or Softonic? What the hell is going on? Beyond technical matters, fixing-up feasibility, there is plain, civilized politeness, I mean you don’t let this crappy comments’ management perpetuate without a word of explanation.

      2. Karl said on September 14, 2023 at 6:06 pm

        Article Title: Update your browsers ASAP
        Article URL: https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/

        Indeed, Tom! Hopefully this comments circus will get sorted sooner rather than later. I can’t keep up with this for much longer.

    2. Tom Hawack said on September 14, 2023 at 12:32 pm

      @Long time reader, if “writing style in this article is quite different to the writing style in most other articles by the same author” as you state is true there could be another explanation, which is that different authors use the same name. I have too little talent personally to, 1- spot AI written articles, 2- spot an article’s style with sufficient data to emphasize on nuances and modifications. I’m not saying you’re wrong only that I prefer to remain extremely cautious when it comes to asserting an article’s style, rhetoric. The most I could do is to spot systematical mistakes, i.e. Martin Brinkmann used to often mistake “to” with “too” though this specific mistake is sufficiently widespread to forbid any formal conclusion. Another example is a keyboard mistake which can suggest if the user’s keyboard is azerty or qwerty :) Suggest only : deep faking one’s mistakes could include an intentional typo mistake suggesting as intentionally an azerty or qwerty keyboard when truth is opposite :)

      1. Tom Hawack said on September 14, 2023 at 1:45 pm

        Article Title: Update your browsers ASAP
        Article URL: [https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/]

        I was thinking, though slightly off-topic, that several combinations are possible.
        I’ll take an example with a comment I had written here on Ghacks (I have the url of the article).

        I asked DEEPL WRITE [https://www.deepl.com/write] to improve my comment;
        I asked HUGGINGCHAT [https://huggingface.co/chat/] to improve my comment.

        Hereafter the original text, DeepL Write’s rewriting, HuggingChat’s rewriting (in whatever order).
        How to differentiate all three?

        [ONE]
        “Perspectives, ours of course. How do we deal with the digital world, and especially how do we deal with a digital world that deceives us, some of us, you and me for sure? It’s so personal, isn’t it, as is our analysis of this digital realm. So I’m going to have to share my thoughts as you’ve shared yours. I know one thing, which is that deception, revolt often leads to bitterness, and bitterness often leads to radicalism : I’m sorry, many here have expressed their refusal for political articles, myself included, but I have to include a slight political allusion to carry my comment : radicalism happens to be not only the aspiration of extremists, but also the temptation of idealists, and if the former inspires disgust, the latter inspires sadness as far as I’m concerned. I cannot imagine building my thoughts and my life on the basis of a search for truth, honesty, authenticity, which would exclude anyone, no matter how contrary to my beliefs, which would be, in my opinion, incoherent, paradoxical. I have friends who believe and keep saying that society is the culprit of all our worries, troubles, dramas. I have to disagree; in my view, “society” is not a supra-human entity, because we are all one of its components: WE are society. What does that mean in practice? I think it means that you don’t change the world by trying to change others, but by changing yourself, improving yourself, or at least behaving in a way that conforms to your vision of honesty.”

        [TWO]
        “Our perspectives shape how we interact with the digital realm, including navigating instances of deception. This subjective experience can lead to feelings of betrayal and disappointment, potentially fueling bitter attitudes towards technology. However, it’s important to remember that these emotions can manifest in different ways – even those striving for ideals may fall prey to radical thinking. In fact, constructing one’s outlook around absolute truth and exclusionary principles seems contradictory. Instead, focusing on self-improvement and aligning actions with values could contribute positively to the broader community.”

        [THREE]
        “Perspectives, ours of course. How do we deal with the digital world and specifically how do we deal with a digital world which deceives us, some of us, you and I certainly? That is so personal isn’t it, as our very analysis of this digital area is. So I’ll have to share thoughts as you’ve shared yours. I know one thing which is that deceptions, revolt often lead to bitterness and bitterness often leads to radicalism : I’m sorry, many here have expressed their refusal for political articles me included, but I have to slightly include a lite political allusion to carry my comment : radicalism happens to be not only the aspiration of extremists but as well the temptation of idealists, and if the former inspire disgust the latter inspire sadness as far as I’m concerned. I cannot imagine building my thoughts and life on the basis of a quest for truth, honesty, authenticity which would exclude whoever, whatever contrariety to my beliefs, that would be as i see it incoherent, paradoxical. I have friends who believe and say it repeatedly that society is the culprit of all our worries, bothers, dramas. I have to disagree with that ; in my view “society” is not a supra-human entity because we are all one of its components : WE are the society. What does this mean in practice? I think it means that you don’t change the world by trying to change others but my changing, improving yourself, or at least by behaving in a way which is conform to your vision of honesty.”

        OK, that must be quite easy, but we get the idea, right?

  4. Mystique_r4 said on September 14, 2023 at 10:58 am

    Article Title: Update your browsers ASAP
    Article URL: https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/

    WebP… Another piece of garbage brought to you by the hijackers of web standards… Google!

  5. Tom Hawack said on September 14, 2023 at 10:26 am

    Article Title: Update your browsers ASAP
    Article URL: [https://www.ghacks.net/2023/09/14/chrome-firefox-and-brave-releases-security-patches/]

    Beyond browsers as mentioned in the article, including image viewers handling Webp as well.
    I have in mind Honeyview which I use [https://www.bandisoft.com/honeyview/] :
    Honeyview v5.51 Sep 13, 2023 : Fixed a vulnerability occurring with WebP files (CVE-2023-4863)
