Zero-Day Security Vulnerability Detected in Chrome, Firefox and Other Browsers

1 minute read

Updates are now available to fix a vulnerability in Chrome that would allow attackers to execute malicious code.

Close-up of the screen with depth of field and focus on the padlock. — Image: ktsdesign/Adobe Stock

It’s time to update Google Chrome, Firefox or Thunderbird from Mozilla, Microsoft Edge, Brave browser or Tor browser; web development news site StackDiary reported a zero-day vulnerability in all six browsers that could allow malicious actors to execute malicious code.

Jump to:

The vulnerability comes from the WebP player

Users of affected browsers should update to the latest version to ensure that the zero-day vulnerability is patched on their machines. The problem does not come from browsers: the vulnerability comes from the WebP codec, discovered by StackDiary.

Other affected apps include:

Affinity.
Jester.
Inkscape.
LibreOffice.
Telegram.
Many Android apps.
Cross-platform apps built with Flutter.

Applications built on Electron may also be affected; Electron released a patch.

Many applications use the WebP codec and libwebp library to render WebP images, StackDiary noted.

SEE: Check Point Software Finds Cybersecurity Attacks Are Coming From Both the New School (AI) and the Old School (Mysteriously Abandoned USB Drive). (TechRepublic)

In more detail, a heap buffer overflow in WebP allowed attackers to perform an out-of-bounds memory write, NIST said. A heap buffer overflow allows attackers to insert malicious code by “overflowing” the amount of data in a program, StackDiary explained. Since this heap buffer overflow targets the codec (essentially a translator that allows a computer to render WebP images), the attacker could create an image with malicious code embedded in it. From there, they could steal data or infect the computer with malware.

The vulnerability was first detected by Apple’s security engineering and architecture team and the University of Toronto’s Citizen Lab on September 6, StackDiary reported.

What steps should users take?

Google, Mozilla, Brave, Microsoft and Tor have released security patches for this vulnerability. People running these apps should update to the latest version. For other applications, this is a permanent vulnerability for which there may not be patches; NIST noted that the vulnerability has not yet been fully analyzed.

NIST has classified the vulnerability as serious and recommends that users stop using applications for which a patch is not yet available. Review your application individually if necessary.

Source link

1 minute read

Zero-Day Security Vulnerability Detected in Chrome, Firefox and Other Browsers

The vulnerability comes from the WebP player

What steps should users take?

Leave a Reply Cancel reply

How much does it cost to develop a manufacturing application?

Can Google Photos be used on iPhone?

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

How a secret phishing syndicate targets over 8,000 Microsoft 365 accounts

Java vs R language: what is the difference?

The vulnerability comes from the WebP player

What steps should users take?

Using node js with magento2

Ukrainian CERT thwarts APT28 cyberattack on critical energy infrastructure

Related Articles

Earth Lusca’s New SprySOCKS Linux Backdoor Targets Government Entities

New advanced backdoor with distinctive malware tactics

Businesses need to rethink how they implement identity security

Companies persist with outdated authentication policies

Leave a Reply Cancel reply