Google has released an urgent update for the Chrome browser that fixes a vulnerability reported to the company by Citizen Lab specialists at the University of Toronto (Canada). The vulnerability is related to the WebP image format and is known to be exploited by cybercriminals.
The critical vulnerability, tracked as CVE-2023-4863, is caused by a buffer overflow during WebP processing. This image format was developed by Google itself. It is actively used on the Internet and supports both lossless and lossy compression. Unfortunately, malware distributors have discovered a security flaw related to this open format.
WebP is supported by numerous Chromium-based browsers, including Edge, Opera and Vivaldi, as well as image editors. Google said it would not yet release details about the identified vulnerability: the company will wait until Chrome has been updated for most users. The silence may last longer still. Google will continue to withhold details for some time if it turns out that the vulnerability affects the WebP processing library used in other projects.
Among third-party browser developers, only a representative of the Vivaldi project provided a comment. He stated that the project closely monitors the Chromium base and takes immediate action when security updates are released, sometimes responding on the same day. As for the type of vulnerability, buffer overflow exploits typically cause software to crash or allow arbitrary code execution.