Google Reclassifies libwebp Vulnerability to Critical Following Zero-Day Attacks

Google’s recent decision to reclassify a vulnerability in the libwebp image library has brought significant attention to an issue initially described as a Chrome weakness. Here’s what you need to know. 

What are the details on the libwebp vulnerability?

The flaw, now identified as CVE-2023-5129, was originally disclosed as a potential Chrome weakness (CVE-2023-4863). This initial classification created some confusion within the cybersecurity community and led to questions about Google’s choice to categorize it as a Google Chrome problem rather than a libwebp issue. 

However, the situation has evolved. CVE-2023-5129 has been reassessed and is now officially recognized as a critical security issue within the libwebp library. It has received a maximum severity rating of 10/10.

The vulnerability resides within the Huffman coding algorithm used by libwebp for lossless compression. Exploiting this weakness enables attackers to perform out-of-bounds memory writes using maliciously crafted HTML pages. Such exploits can lead to severe consequences, including system crashes, arbitrary code execution and unauthorized access to sensitive information.

Who’s affected by the libwebp vulnerability?

This reclassification carries implications for a wide range of projects and applications that rely on the libwebp open-source library. 

These projects include popular container images, such as Drupal, Nginx, Perl, Python, Ruby, Rust and WordPress. Additionally, many of the world’s most widely used web browsers, including Chrome, Firefox, Microsoft Edge and Opera, depend on libwebp. Furthermore, various Linux distributions, such as Debian, Ubuntu, Alpine, Gentoo and SUSE, incorporate libwebp into their systems. The Electron framework, which serves as the foundation for numerous cross-platform desktop applications, is also impacted. Notable applications like Microsoft Teams, Slack, Discord, LibreOffice, 1Password, Telegram and Signal Desktop are affected as well. 

What is Nuspire doing?

At Nuspire, our dedicated threat hunters remain on high alert within client environments. We are actively monitoring for any signs of malicious activity related to this vulnerability and will promptly update our clients and the community with any further developments. 

How should I protect myself from the libwebp vulnerability? 

If you are using software or applications that may be affected by this vulnerability, it’s crucial to take proactive measures: 

  • Check if software vendors have released patches for CVE-2023-5129 and libwebp.  
  • Apply software patches as soon as they are made available by vendors to mitigate the risk.  
  • Maintain ongoing monitoring for any mentions of CVE-2023-5129 or libwebp in security advisories and prioritize the application of these patches to protect your systems and data. 

While some organizations have already addressed this vulnerability, others may still be in the process of releasing patches. Your vigilance and prompt action can play a vital role in maintaining the security of your systems and data. 
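
Checking for patches starts with knowing where libwebp lives, because a copy shipped inside an application or container image is not updated by the operating system's packages. The Python script below is an added example, not Nuspire's tooling: it walks a directory tree (a host root or an unpacked image) and separates system copies from bundled ones. The file-name pattern and the list of system library directories are assumptions, and copies compiled directly into an application binary will not be found by file name.

```python
import os
import re
import sys

# Shared-library file names libwebp and its companion libraries are commonly
# shipped under (Linux .so, macOS .dylib, Windows .dll), including hashed
# names used when a library is vendored into another package. Assumed pattern.
LIBWEBP_NAME = re.compile(
    r"^libwebp(decoder|demux|mux)?([-.][0-9A-Za-z.]+)?\.(so(\.\d+)*|dylib|dll)$"
)

# Assumption: directories (relative to the scanned root) where the OS package
# manager installs libraries. Anything elsewhere is treated as bundled.
SYSTEM_LIB_DIRS = ("lib", "lib64", "usr/lib", "usr/lib64")


def find_libwebp(root):
    """Return sorted (kind, relative_path) pairs for libwebp copies under root.

    kind is "system" (updated through distro packages) or "bundled" (shipped
    inside an application or image; needs that vendor's own update).
    """
    root = os.path.realpath(root)
    seen, found = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not LIBWEBP_NAME.match(name):
                continue
            # Resolve symlinks such as libwebp.so.7 -> libwebp.so.7.1.8 so
            # each real file is reported once.
            real = os.path.realpath(os.path.join(dirpath, name))
            if real in seen or not os.path.isfile(real):
                continue
            seen.add(real)
            rel = os.path.relpath(real, root).replace(os.sep, "/")
            in_system = any(rel.startswith(d + "/") for d in SYSTEM_LIB_DIRS)
            found.append(("system" if in_system else "bundled", rel))
    return sorted(found)


if __name__ == "__main__":
    # Usage: python find_libwebp.py /path/to/root   (defaults to "/")
    for kind, path in find_libwebp(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{kind}\t{path}")
```

Confirm which package owns a `system` hit with `dpkg -S <path>` or `rpm -qf <path>`; `bundled` hits are only fixed by updating the application or image that ships them.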
