WebP Codec Vulnerability Affects All Web Browsers and More: What You Need to Know
Posted by: Corporal Punishment on 09/17/2023 10:48 AM
WebP is a popular image format with better compression and quality than JPEG and PNG. However, a recent discovery by security researchers at StackDiary has revealed a critical vulnerability in the WebP codec that could allow attackers to execute arbitrary code on the victim's system.
The vulnerability, dubbed CVE-2023-4863, affects the libwebp library, which is used by many applications and all web browsers to decode WebP images. The flaw lies in the way the library handles malformed WebP files that contain invalid chunk sizes. By crafting a specially designed WebP file, an attacker could trigger a buffer overflow and overwrite memory locations with malicious code.
The impact of this vulnerability is potentially severe, as it could compromise the security and privacy of millions of users who view WebP images on the web or on their devices. An attacker could exploit this vulnerability to steal sensitive data, install malware, or perform other malicious actions. According to reports, this vulnerability is actively being exploited now.
The good news is that the libwebp developers have already released a patch for this vulnerability, which is available on their GitHub repository. Developers are advised to update their libwebp library ASAP to prevent any potential attacks.
Affected applications include, but are not limited to, Chrome, Edge, Telegram, Firefox, Safari, Signal, Tor, GIMP, LibreOffice, Thunderbird, and oodles of Android apps, as well as cross-platform apps built with Flutter. You get the point. If you use software that views an image, it may use the libwebp library and you need to look for an update.
Chrome, Firefox, Brave, Edge, Tor, and Thunderbird have already released patches, so check your notifications and ensure you are keeping current with your versions by in-app updates or downloading new ones.
Additionally, users should be careful when opening WebP files from unknown sources and scan them with antivirus software before viewing them.
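To find which installed software ships its own copy of libwebp and therefore needs its own update, the following added example (not from the original post or the libwebp project) walks a set of directories and lists every libwebp library file, grouping symlinks with the physical file they point to. The file-name pattern and the default search roots are assumptions based on common naming conventions.

```python
import os
import re
import sys

# Common shared/static library file names for libwebp and its companion
# libraries (assumed naming conventions; vendors may rename bundled copies).
LIB_RE = re.compile(
    r"^(lib)?webp(decoder|demux|mux)?[-.\d]*\.(so(\.\d+)*|dylib|dll|a)$",
    re.IGNORECASE,
)

# Example search roots only; pass your own on the command line.
DEFAULT_ROOTS = ["/usr/lib", "/usr/lib64", "/usr/local", "/opt", "/Applications"]


def is_libwebp_name(filename):
    """True if the file name looks like a libwebp library file."""
    return LIB_RE.match(filename) is not None


def inventory(roots):
    """Map each physical libwebp file to every path (symlinks included) that reaches it."""
    found = {}
    for root in roots:
        # Unreadable directories are skipped instead of aborting the scan.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                if is_libwebp_name(name):
                    path = os.path.join(dirpath, name)
                    found.setdefault(os.path.realpath(path), set()).add(path)
    return {real: sorted(paths) for real, paths in found.items()}


if __name__ == "__main__":
    roots = sys.argv[1:] or DEFAULT_ROOTS
    for real, paths in sorted(inventory(roots).items()):
        print(real)
        for alias in paths:
            if alias != real:
                print("    reached via", alias)
```

A file scan like this only finds copies shipped as separate library files; applications that compile libwebp directly into their own binary will not appear and must be checked against the vendor's update notes.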