Exploring the WebP Vulnerability: What You Need to Know

Google recently disclosed a security flaw in libwebp, the open-source library used to encode and decode images in the WebP format. The bug was reported to Google by Apple's Security Engineering and Architecture (SEAR) team and The Citizen Lab and is tracked as CVE-2023-4863; a second, libwebp-scoped identifier that Google briefly issued, CVE-2023-5129, carried a maximum CVSS score of 10.0 before being withdrawn as a duplicate. According to Bleeping Computer, the flaw lies in the Huffman table construction of libwebp's lossless (VP8L) decoder: a maliciously crafted image can make the decoder write past the end of a heap buffer, and because browsers decode images automatically, a crafted HTML page is enough to trigger it.

Google initially disclosed the flaw in early September as a Chrome vulnerability, tracked as CVE-2023-4863, and only later attributed it to the underlying open-source libwebp library. That choice caused confusion, raised questions about why a bug in a shared library was catalogued as a Google Chrome issue rather than a WebP issue, and delayed mitigations for other affected applications: because the advisory named Chrome rather than libwebp, many projects and companies that ship the library did not realize they were exposed.

Any application that bundles or links the open-source libwebp library is affected. Here is a list of some of the best-known applications that are impacted –

  • 1Password
  • Safari
  • Mozilla Firefox
  • Google Chrome
  • Brave
  • Microsoft Edge
  • Opera
  • Bitwarden
  • Logitech Options+
  • Skype
  • Slack
  • Twitch
  • Discord

Check out the full list of impacted applications here.

What should you do if you use the affected programs?

The list of vulnerable apps is still growing, and an app can’t be patched if you don’t know which applications and versions exist in your environment. Patches have not yet been released for many impacted applications. Two points matter when tracking them. First, the fix landed in libwebp 1.3.2 (and in Chrome 116.0.5845.187), but most affected applications, including browsers and Electron-based apps such as Slack and Discord, statically bundle their own copy of libwebp, so updating the operating system’s libwebp package does not fix them; each application needs its own vendor update. Second, endpoint detection and response (EDR) tooling may catch the post-exploitation behaviour that follows a successful memory-corruption exploit, but it cannot reliably block the out-of-bounds write itself, so treat EDR as a backstop rather than a mitigation. As updates become available, track and patch every affected application as soon as possible. IT management software that inventories application versions will show what still needs patching, and a vulnerability management program will flag the applications in your environment that remain exposed.
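The flaw sits in libwebp's lossless (VP8L) decoder, so a blanket "block every WebP file" rule can be narrowed to files whose container actually routes data through that decoder: a top-level VP8L chunk, an ALPH chunk whose header byte marks the alpha plane as VP8L-coded, or either of those inside an ANMF animation frame. The triage script below is an added example written for this post, not code from the original page or from the libwebp project. It walks the RIFF/WebP container in pure Python and never decodes pixels, so it is safe to run against untrusted files. The sample files at the bottom are constructed containers with zero-filled placeholder payloads, not real images.

```python
"""Container-level triage for WebP files (added example; not libwebp code).

Answers one question without calling libwebp: does this file carry data that
the VP8L lossless decoder (the component whose Huffman table construction
CVE-2023-4863 corrupts) would process? Sample inputs are constructed
placeholders, not decodable images.
"""
import struct

ALPH_COMPRESSION_LOSSLESS = 1  # ALPH header byte, low two bits: 1 = VP8L-coded alpha
ANMF_HEADER_LEN = 16           # X, Y, W-1, H-1, duration (24 bits each) + flags byte


def iter_chunks(data: bytes):
    """Yield (fourcc, payload) for each RIFF chunk in a byte string."""
    offset = 0
    while offset + 8 <= len(data):
        fourcc = data[offset:offset + 4]
        (size,) = struct.unpack_from("<I", data, offset + 4)
        payload = data[offset + 8:offset + 8 + size]
        if len(payload) != size:
            raise ValueError(f"truncated chunk {fourcc!r} at offset {offset}")
        yield fourcc, payload
        offset += 8 + size + (size & 1)  # odd-sized payloads carry one pad byte


def _scan(chunks: bytes, prefix: str, seen: list, lossless: list) -> None:
    """Record every chunk name; collect those that reach the VP8L decoder."""
    for fourcc, payload in iter_chunks(chunks):
        name = prefix + fourcc.decode("ascii", "replace")
        seen.append(name)
        if fourcc == b"VP8L":
            lossless.append(name)
        elif fourcc == b"ALPH" and payload and (payload[0] & 0x03) == ALPH_COMPRESSION_LOSSLESS:
            lossless.append(name)  # the alpha plane is itself a VP8L stream
        elif fourcc == b"ANMF" and len(payload) >= ANMF_HEADER_LEN:
            # each animation frame embeds its own VP8/VP8L/ALPH chunks
            _scan(payload[ANMF_HEADER_LEN:], name + "/", seen, lossless)


def triage(data: bytes) -> dict:
    """Return {'chunks': all chunk names, 'lossless': those feeding VP8L}.
    Raises ValueError on a malformed or truncated container."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a WebP container")
    (riff_size,) = struct.unpack_from("<I", data, 4)
    if riff_size + 8 > len(data):
        raise ValueError("RIFF size field exceeds file length")
    seen, lossless = [], []
    _scan(data[12:8 + riff_size], "", seen, lossless)
    return {"chunks": seen, "lossless": lossless}


# --- constructed samples: valid containers, placeholder (non-image) payloads ---
def _chunk(fourcc: bytes, payload: bytes) -> bytes:
    pad = b"\x00" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _webp(*chunks: bytes) -> bytes:
    body = b"WEBP" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


SIMPLE_LOSSY = _webp(_chunk(b"VP8 ", b"\x00" * 10))
SIMPLE_LOSSLESS = _webp(_chunk(b"VP8L", b"\x2f" + b"\x00" * 9))  # 0x2f = VP8L signature byte
# VP8X with the alpha flag (0x10); ALPH header byte 0x01 = lossless-compressed alpha.
# The 5-byte ALPH payload is odd-sized, so it exercises the pad byte; colour data is lossy.
EXTENDED_ALPHA = _webp(
    _chunk(b"VP8X", b"\x10" + b"\x00" * 9),
    _chunk(b"ALPH", b"\x01" + b"\x00" * 4),
    _chunk(b"VP8 ", b"\x00" * 10),
)
# VP8X with the animation flag (0x02), ANIM (background colour + loop count), one ANMF
# frame whose payload holds a VP8L chunk after the 16-byte frame header.
ANIMATED_LOSSLESS = _webp(
    _chunk(b"VP8X", b"\x02" + b"\x00" * 9),
    _chunk(b"ANIM", b"\x00" * 6),
    _chunk(b"ANMF", b"\x00" * ANMF_HEADER_LEN + _chunk(b"VP8L", b"\x2f" + b"\x00" * 9)),
)

if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, triage(fh.read()))
    else:
        for label, blob in [("lossy", SIMPLE_LOSSY), ("lossless", SIMPLE_LOSSLESS),
                            ("alpha", EXTENDED_ALPHA), ("animated", ANIMATED_LOSSLESS)]:
            print(f"{label:9} {triage(blob)}")
```

Run it with one or more file paths to see which chunks each file carries and which of them reach the lossless decoder. Two caveats: an empty `lossless` list means the file avoids the CVE-2023-4863 code path, not that it is safe in general (the lossy VP8 decoder has had its own bugs), and a non-empty list means only that the file touches the affected decoder, which almost every legitimate lossless WebP does. The script narrows a quarantine; it does not replace patching.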

Manage Your Organization’s Cyber Hygiene with Entara

Entara sets the standard as the world’s first eXtended Service Provider (XSP). We deliver exceptional, security-first IT solutions for our clients, including managed IT and cybersecurity and incident response services. In response to this vulnerability, Entara has taken several steps to ensure the security of our clients. These steps include:

  • Marked all WebP files as malicious through our Cloud Protection software to protect against a potential exploit through the Microsoft and Google suites
  • Worked with our Vulnerability Management Vendor to ensure our VMaaS tool is able to detect this vulnerability
  • Confirmed with our EDR vendor that potential exploit attempts can be detected and prevented by our tool
  • Working with all clients to track patches and versioning, and push mitigations to all of our clients

With over 20 years of experience, Entara is knowledgeable about both common and emerging risks that could impact your organization. If you are interested in learning more about Entara’s Vulnerability Management as a Service (VMaaS), reach out to our team.
