Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
A critical security flaw in the libwebp image library, which is used for rendering images in the WebP format, is being actively exploited. The vulnerability, tracked as CVE-2023-5129, has been given the maximum severity score of 10.0 on the CVSS rating system. The issue is rooted in the Huffman coding algorithm and can lead to data being written out of bounds to the heap. The vulnerability has a broader impact than initially thought: it affects not only Google Chrome but any application that relies on the libwebp library to process WebP images.

Google has expanded fixes for this issue to include the Stable channel for ChromeOS and ChromeOS Flex with the release of version 15572.50.0. This follows new details published by Google Project Zero regarding the exploitation of other vulnerabilities by commercial spyware vendors to target Android devices.

CVEs: CVE-2023-0266, CVE-2023-26083, CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, CVE-2023-41064, CVE-2023-5129, CVE-2023-4863

Malware: BLASTPASS, Chrysaor, Pegasus

[View Article](https://ciso2ciso.com/critical-libwebp-vulnerability-under-active-exploitation-gets-maximum-cvss-score-sourcethehackernews-com/)