Google has assigned an already-known security vulnerability a new CVE ID with the highest severity level. The reason is that the vulnerability, initially classified as a Chrome bug, affects considerably more applications, because it is actually a WebP vulnerability.
The WebP image file format is especially popular on the web because it offers a good balance between file size and quality. However, the vulnerability allows attackers to use a specially crafted WebP image to trigger a heap buffer overflow and execute malicious code. For this to happen, the image must be opened in an application; in browsers, simply visiting a website is sufficient. The code executed in the background can then install malware, for example.
Numerous well-known applications affected
The vulnerability, which was discovered by Apple's Security Engineering and Architecture (SEAR) team and the Citizen Lab at the University of Toronto's Munk School, was initially wrongly classified as a pure Chrome bug; common web browsers were quickly protected with a security update. But as it has now turned out, considerably more applications are also affected.
The vulnerability is in the open-source libwebp library, which is used by numerous programs. As a result, applications such as GIMP, LibreOffice, Telegram, 1Password and many others could also become targets of an attack. For this reason, the CVSS score, a standardized rating for evaluating security vulnerabilities, has been raised to the highest level, 10.0.
How to protect yourself
As a user, you basically have only one way to protect yourself from this vulnerability: make sure you have the latest patches installed. Many affected applications have already released security updates that close the security hole, including browsers and LibreOffice.
Otherwise, what should always apply when surfing the internet still applies here. Don't download files from unknown sources, and make sure that links in emails only lead to trusted sites.
This article was translated from German to English and originally appeared on pcwelt.de.