Update your browsers ASAP
In a recent report by Stack Diary, it has come to light that Google, Mozilla, Microsoft, and Brave have all taken immediate action by releasing critical security patches. These patches address a significant vulnerability that could potentially allow attackers to infiltrate your computer and execute malicious code.
What's even more concerning is that these vulnerabilities have already been exploited in real-world scenarios, prompting swift responses from these tech giants.
The National Institute of Standards and Technology (NIST) has classified this vulnerability as severe, emphasizing the urgency of updating your software.
The vulnerability details
This vulnerability is associated with the rendering of WebP images, a widely used format on the web. Attackers have leveraged this weakness to compromise systems, making it imperative for users to take action.
Here are the specific software versions that contain the necessary fixes:
- Google: Chrome version 116.0.5846.187 (Mac / Linux); Chrome version 116.0.5845.187/.188 (Windows)
- Mozilla: Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2
- Microsoft: Edge version 116.0.1938.81
- Brave: Brave Browser version 1.57.64
What is Webp?
Webp is a contemporary image format that has been gaining popularity due to its compact size and efficiency. Unlike traditional image formats like PNG and JPEG, Webp uses advanced compression techniques to reduce the file size without sacrificing image quality. This makes it particularly useful for websites and applications where fast loading times and low data usage are important.
Webp supports both lossy and lossless compression, allowing users to choose between a smaller file size or a higher level of detail in their images. Additionally, Webp includes features such as animation support, transparency, and Exif metadata, making it a versatile option for a wide range of use cases.
The scope of this vulnerability extends beyond just browsers. Stack Diary also highlights that Electron-based applications like the encrypted messaging app Signal and Bandisoft's Honeyview have issued patches for this issue.
Read also: Recent cyberattack hits the hotel chain giant.
Furthermore, numerous other applications, including Affinity, Gimp, LibreOffice, Telegram, many Android applications, and even "cross-platform apps built with Flutter," are at risk.
Apple has also stepped in by releasing a security patch that appears to address a similar issue. Although it references a different issue number on the NIST site, it underscores the widespread concern within the tech industry regarding this vulnerability.Advertisement