Google Assigns New CVE ID with Maximum Severity to Previously Identified WebP Vulnerability, Which Extends Beyond Chrome to Various Applications
The WebP image file format is particularly popular on the web because it offers a good balance between storage size and quality. But the vulnerability allows attackers to use a specially crafted WebP image to trigger a heap buffer overflow and execute malicious code.
Numerous known applications affected
The vulnerability, which was discovered by Apple’s Security Engineering and Architecture (SEAR) and the Citizen Lab at the University of Toronto’s Munk School, was initially wrongly classified as a pure Chrome bug; common web browsers were quickly protected with a security update.
The vulnerability lies in the open-source libwebp library, which is used by numerous programs. The CVSS score, a standardized rating for evaluating security vulnerabilities, has been raised to the highest level, 10.0.