Google quietly corrects previously submitted disclosure for critical Webp 0-day

Google has quietly resubmitted a disclosure of a critical code-execution vulnerability affecting thousands of individual apps and software frameworks after its previous submission left readers with the mistaken impression that the threat affected only the Chromium browser.

The vulnerability originates in the libwebp code library, which Google created in 2010 for rendering images in webp, a then-new format that resulted in files that were up to 26 percent smaller as compared with PNG images. Libwebp is incorporated into just about every app, operating system, or other code library that renders webp images, most notably the Electron framework used in Chromium and many other apps that run on both desktop and mobile devices.

Two weeks ago, Google issued a security advisory for what it said was a heap buffer overflow in WebP in Chromium. Google's official description, tracked as CVE-2023-4863, scoped the affected vendor as "Google" and the software affected as "Chromium," even though any code that used libwebp was vulnerable. Critics warned that Google's failure to note that thousands of other pieces of code were also vulnerable would result in unnecessary delays in patching the vulnerability, which allows attackers to execute malicious code when users do nothing more than view a booby-trapped webp image.

On Monday, Google submitted a new disclosure that's tracked as CVE-2023-5129. The new entry correctly lists libwebp as the affected vendor and affected software. It also bumps up the severity rating of the vulnerability, from 8.8 out of a possible 10 to 10.

The lack of completeness in the first CVE Google assigned goes well beyond being a mere academic failure. More than two weeks after the vulnerability came to light, a host of software remains unpatched. The most glaring example is Microsoft Teams.

The vulnerability description in Google's new submission provides considerably more detail. The description in the old submission was:

Heap buffer overflow in WebP in Google Chromium prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

The new description is:

With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the Huffman code buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_...