Critical vulnerability in WebP Codec has browser vendors scrambling for updates

stackdiary.com Critical vulnerability in WebP Codec has browser vendors scrambling for updates

A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla (update: Mozilla has now

This affects all browsers and not just Chrome, as the media falsely reported it. Mozilla just rolled out a fix, and Brave is looking into it. This bug is likely related to the "zero-click" iOS 0day that was reported by Citizenlab last week.

Pirati Europei @feddit.it

damtux @feddit.it

1y ago

Scoperta vulnerabilità critica di libwebp: molte app interessate, a partire dai browser e poi Telegram, Signal, Libreoffice, Gimp, Inkscape, app Electron-based ecc. Importante aggiornare subito.

stackdiary.com /critical-vulnerability-in-webp-codec-cve-2023-4863/

18 3

34 comments

Well, brave IS just chrome for crypto bros, so I would guess them "looking into it" is just them waiting for Google to update chrome
- Or it could be all the other features that are included that Chrome doesn't have

I have always disliked webp for its inconvenience when I try to save and share images. Nice to know people who actually know shit about it might have concerns also, I guess.
- Permanently Deleted
  
  Is this really the fault of the format or the fact that it just isn't that much well supported?
  
  Death to gif
- Maybe don't use programs from 1996
  (Or when you do, don't complain that new shit doesn't work.)
  
  Dumbass

Sigh, just when I really switched over to making memes in webp
- switched over to making memes in webp
  Chaotic evil 😭
- The only reason I know what webp is, is because its "that dumb format" that doesn't play like a GIF in Signal.
  
  Well at least it's not a gif, because gifs really suck at animations.
  The quality is really bad because of its limited color and the file sizes are enormous because animations are just a series of images after each other without any compression or optimisation between them.
- Fuck webp
- Fucking hate that shit, I have to screenshot it when sending to the group chat cause it won't upload webp.
  
  Well I hate your stupid png screenshots
- Don't be evil
- now whilst i know why people like webp, maybe we could stop using formats owned by google..
  until jpegxl becomes viable (which it mainly isn't because it compete[s/d] with webp), lets stick to nice formats not owned by tech giants, like apng^?
  
  Problem is, it takes a huge brand like Google or Apple to push a new format for something basic like images. Do you know how many alternative image formats exist that have tried to be the next jpg/gif/png? Hundreds.
  I just really wish people would stop clinging to these old formats, especially gif. Maybe when the tech giants get some traction with webp, more open alternatives can get popular as well, once people realize that jpg and gif aren't the end of everything, and app developers get off their fat asses and start supporting other formats too. It just needs to start somewhere.
  Just like ogg probably wouldn't be a thing if commercial mp3 didn't pave the way, or we probably wouldn't have divx/h264... without Real Media and Quick Time. Signal wouldn't be so popular either without the likes of Skype and Viber.
  Of course I'd prefer open, free standards from the start, but you can see how fucking lazy people are (both users and developers) to support new formats.
  That said, it's not like webp is closed or anything, so I'm ok with it.