Google Chromium WebP Vulnerability

Released: Oct 03, 2023

Updated: Oct 05, 2023


Severity: High

Platform: Google Chrome, Microsoft Edge

Vendor: Google


Critical open source library flaw actively exploited

The Google Chromium WebP heap buffer overflow vulnerability has been actively exploited in the wild. It is triggered by a crafted image and can cause affected applications to crash or lead to arbitrary code execution.


Background

Google developed the open source library libwebp for manipulating images in the WebP format. The library provides tools for encoding and decoding WebP images, a format that significantly improves web page loading times. libwebp is bundled in Google Chromium and used by popular applications such as Google Chrome, Microsoft Edge, Microsoft Teams, Mozilla Firefox and Mozilla Thunderbird.

Latest Development



Sept 06, 2023: The Chromium WebP vulnerability was reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School.

Sept 11, 2023: The Chromium team released the security advisory and fix.
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

Sept 13, 2023: CISA added Google Chromium WebP Vulnerability (CVE-2023-4863) to its Known Exploited Vulnerabilities Catalog.
https://www.cisa.gov/news-events/alerts/2023/09/13/cisa-adds-three-known-vulnerabilities-catalog

Sept 27, 2023: FortiGuard Labs released a Threat Signal.
https://www.fortiguard.com/threat-signal-report/5260/
Oct 3, 2023: FortiGuard Labs released an IPS signature to detect and block attack attempts that try to exploit the CVE-2023-4863 vulnerability. It is strongly advised to review vendor advisories and apply their mitigations and updates.
