Critical open source library flaw actively exploited
The Google Chromium WebP heap buffer overflow vulnerability has been actively been exploited in the wild. The exploitation of the vulnerability is through a crafted image that can impact the affected applications to crash or lead to arbritrary code execution. Learn More »
Common Vulnerabilities and Exposures
Background
Google developed an open source library Libwebp for manipulating images in WebP format. The libary provides tools for encoding and decoding images that leads to a significant improvement in loading of web pages. The Libwebp library is built-in on Google Chromium that is consumed by popular applications such as Google Chrome, Microsoft Edge, Microsoft Teams, Mozilla Firefox and Mozilla Thunderbird.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Sept 06, 2023: The Chromium WebP vulnerability was reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School.
Sept 11, 2023: The Chromium team released the security advisory and fix.
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Sept 13, 2023: CISA added Google Chromium WebP Vulnerability (CVE-2023-4863) to its Known Exploited Vulnerabilities Catalog.
https://www.cisa.gov/news-events/alerts/2023/09/13/cisa-adds-three-known-vulnerabilities-catalog
Sept 27, 2023: FortiGuard Labs released a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5260/
Oct 3, 2023: FortiGuard Labs has released an IPS signature to detect and block any attack attempts targeting to exploit the CVE-2023-4863 vulnerability. It is strongly advised to review vendor advisories and apply their mitigations and updates.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
Vulnerability
-
IPS
-
Web App Security
-
Outbreak Detection
-
Threat Hunting
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
NOC/SOC Training
-
End-User Training
-
Attack Surface Hardening
-
Business Reputation
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
References
Sources of information in support and relation to this Outbreak and vendor.