Overview of the libwebp Vulnerability

A zero-day vulnerability in libwebp, the image library used for rendering images in WebP format, is currently being exploited. Google identified it as CVE-2023-5129, with a maximum CVSS score of 10. The vulnerability was initially misidentified as a Chrome vulnerability (CVE-2023-4863), but it has since been clarified that it affects all software that uses the libwebp library.

The vulnerability is critical, affecting nearly all operating systems and applications that use the libwebp library, including those built on Electron (a cross-platform development framework using Chromium and Node.js).

How the libwebp Vulnerability Works

The attack is complex and involves a specially crafted WebP lossless file that causes data to be written beyond the heap boundaries. This out-of-bounds write potentially gives attackers a starting point for further exploitation.

Top Three Reasons the libwebp Vulnerability is so Severe

The libwebp vulnerability (CVE-2023-5129) is very severe for three reasons.

Firstly, the vulnerability affects any software that uses the WebP codec, including major browsers like Chrome, Firefox, Safari, and Edge, and a host of additional apps. This makes the impact of the vulnerability extremely broad.

Secondly, successful exploitation of the vulnerability could potentially result in attackers taking control of a system, executing arbitrary code, and gaining unauthorized access to confidential user data, making the impact of exploitation extremely serious.

Lastly, attackers are already actively exploiting the flaw. Google acknowledged earlier this month that CVE-2023-4863 was being exploited in the wild. The vulnerability has also been linked to Citizen Lab’s September 7 “BLASTPASS” report disclosing a zero-click, zero-day iMessage exploit captured in the wild.

Patching the libwebp Flaw

Given the severity of the libwebp vulnerability and the active exploitation already confirmed, it’s crucial for admins to take immediate steps to safeguard their networks. One of the key measures is to patch any vulnerable apps as soon as updates become available. Then, confirm the successful application of the patches. However, since the complete list of affected applications is still unknown, it’s difficult to take preventive measures for every vulnerable app. Hopefully, additional vendors will soon share more information about the impacted applications.

Google has recommended that organizations apply patches promptly to prevent exploitation. Google Chrome versions before 116.0.5845.187 and older Electron versions are vulnerable.
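
The following Python script is an added example, not part of the original article or any vendor tooling: it triages a software inventory against the fixed Chrome build quoted above. The CSV layout, host names and app names are constructed assumptions, and Electron apps are flagged for manual review because the article gives no fixed Electron version.

```python
import csv
import io

# Fixed Chrome build named in the article; earlier builds are vulnerable.
CHROME_FIXED = (116, 0, 5845, 187)

# Constructed sample inventory export (hypothetical hosts and app names).
SAMPLE_INVENTORY = """host,app,version
ws-01,Google Chrome,116.0.5845.187
ws-02,Google Chrome,116.0.5845.96
ws-03,Google Chrome,117.0.5938.62
ws-04,Google Chrome,unknown
ws-05,ExampleChat (Electron),2.4.1
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if text is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:4]]
    return tuple(nums + [0] * (4 - len(nums)))


def classify(app, version):
    """Return 'patched', 'vulnerable', 'review' or 'not-checked' for one inventory row."""
    name = app.lower()
    if "chrome" in name:
        parsed = parse_version(version)
        if parsed is None:
            return "review"  # unreadable version: confirm on the host
        # Compare numerically: as strings, "96" would sort after "187".
        return "patched" if parsed >= CHROME_FIXED else "vulnerable"
    if "electron" in name:
        return "review"  # the article gives no fixed Electron version
    return "not-checked"  # the article names no fixed version for this app


def triage(inventory_csv):
    """Classify every row of a CSV export with host, app and version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["app"], classify(r["app"], r["version"])) for r in rows]


if __name__ == "__main__":
    for host, app, status in triage(SAMPLE_INVENTORY):
        print(f"{host:6} {app:24} {status}")
```

Rows marked "review" or "not-checked" still need a manual look, since the complete list of affected applications is unknown.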

Apps with available patches for CVE-2023-5129 are listed in the NinjaOne blog post linked under Sources.

Michael Taggart, a security professional and threat hunter, has developed an extensive list of apps affected by CVE-2023-5129 and is updating it regularly.

Keep Your Network Secure with M.A. Polce

Partnering with a reliable managed IT services provider like M.A. Polce can help businesses maintain a secure network, especially when it comes to IT security services such as regular patch management and expert support. With the recent rise in zero-day security vulnerabilities like the libwebp flaw, it’s more important than ever to have a trusted partner who can provide proactive solutions to keep your business secure. M.A. Polce’s team of experts can offer a range of services that help prevent and mitigate security risks, so you can focus on what matters most – running your business. Contact us today to learn about our options for securing your business network.

Sources

https://www.ninjaone.com/blog/webp-0-day-how-to-identify-vulnerable-apps-cve-2023-5129/

https://www.bleepingcomputer.com/news/security/google-assigns-new-maximum-rated-cve-to-libwebp-bug-exploited-in-attacks/