Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format. About CVE-2023-5129 The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap … More →

The post …

1password alpine applications chrome chrome zero-day containers cve debian decoding don't miss encoding exploited firefox google hot stuff library libreoffice libwebp linux macos microsoft teams opera patch patching popular rezilion runzero signal slack story suse telegram ubuntu vivaldi vulnerability vulnerability management webp zero-day