
Chrome, Firefox, Edge and Brave: the publishers of all of these browsers have issued an alert urging Internet users to update their browser. This is rare enough to be worth highlighting, and it confirms that the problem is serious.
According to the Stack Diary site, the critical flaw tracked as CVE-2023-4863 would allow an attacker to take control of your system through a malicious web page, by exploiting a bug that lets them write (and subsequently execute) outside the allocated memory buffer. Companies such as Microsoft, whose browsers are based on Chromium, have already released patches for their products. They therefore recommend that you update as soon as possible.
The CVE-2023-4863 flaw is all the more serious because it lies in the source code used to display WebP files, an image format developed by Google that has become widespread on websites and in applications. That said, browsers are not the only software affected by this bug. As the WebP format has become a de facto standard thanks to the quality of its compression, it is supported by many drawing and editing programs. According to Stack Diary, this includes “software from Affinity, Gimp, Inkscape, LibreOffice, Telegram, Thunderbird, ffmpeg, and many, many Android apps as well as cross-platform apps built with Flutter” or Electron.
The WebP codec exposes a flaw that endangers billions of Internet users: update your browser!
Cybercriminals can theoretically use this flaw to hit not only PCs but also smartphones. So you can expect a flood of software updates for programs of all types and on all platforms. At the moment, all publishers are probably in turmoil because, in the opinion of analysts, the flaw is being actively exploited as we speak.
If you are not sure about your browser version, here is the list of security fixes already available:
- Chrome version 116.0.5846.187 on Mac and Linux and Chrome version 116.0.5845.187/.188 for Windows
- Firefox 117.0.1
- Firefox ESR 102.15.1
- Firefox ESR 115.2.1
- Thunderbird 102.15.1
- Thunderbird 115.2.2
- Microsoft Edge version 116.0.1938.81
- Brave version 1.57.64
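
The Firefox and Thunderbird entries above cover several supported branches at once, so a single "greater than" comparison gives wrong answers: ESR 115.2.1 is patched even though it is lower than 117.0.1, and 116.x is not patched even though it is higher than 102.15.1. The following check is an added example, not part of the original article; the host names and inventory are constructed, and it assumes that any release newer than the newest listed branch already contains the fix.

```python
# Fixed versions copied from the list above, one entry per supported branch.
FIXED = {
    "firefox": [(102, 15, 1), (115, 2, 1), (117, 0, 1)],
    "thunderbird": [(102, 15, 1), (115, 2, 2)],
}


def parse_version(text):
    """Turn '115.2.1' or '115.2.1esr' into a 3-part tuple of ints."""
    text = text.strip().lower()
    if text.endswith("esr"):
        text = text[:-3]
    parts = [int(p) for p in text.split(".")]  # ValueError on betas etc.
    return tuple(parts + [0] * (3 - len(parts)))


def is_patched(product, version):
    """True if `version` carries the CVE-2023-4863 fix per the list above."""
    fixes = sorted(FIXED[product.lower()])
    v = parse_version(version)
    for fix in fixes:
        if fix[0] == v[0]:
            # Same major branch: compare only against that branch's fix.
            return v >= fix
    # No fix listed for this branch. Assumption: only releases newer than
    # the newest fixed branch include the fix; everything else is unpatched.
    return v > fixes[-1]


def needs_update(inventory):
    """Return the hosts whose installed version is not patched."""
    return [host for host, product, version in inventory
            if not is_patched(product, version)]


# Constructed sample inventory: (host, product, installed version).
SAMPLE = [
    ("ws-01", "firefox", "117.0.1"),
    ("ws-02", "firefox", "116.0.3"),
    ("ws-03", "firefox", "115.2.1esr"),
    ("ws-04", "thunderbird", "115.2.1"),
    ("ws-05", "thunderbird", "102.15.1"),
]

if __name__ == "__main__":
    for host in needs_update(SAMPLE):
        print(f"{host}: update required")
```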