
Critical CVSS 10-rated 0-day WebP vulnerability widely exploited. Reassigned to CVE-2023-5129.


It might come as a shock, but the WebP image you are about to open might make you vulnerable to a cyber-attack.

Read on.

Threat intel agencies and cybersecurity experts have been on their toes since a new critical vulnerability was discovered in Google’s WebP library. It was identified earlier as CVE-2023-4863, which was rejected as a duplicate of CVE-2023-5129, the current identifier for the vulnerability for Google. CVE-2023-41064 is the identifier for Apple.

What makes this vulnerability dangerous is that an attacker can gain access to all of a target’s sensitive information using just a WebP image. It allows the attacker to execute arbitrary code through malicious WebP images that are processed by applications and platforms exposed to the vulnerability.

Since the vulnerability impacts all software and platforms that handle the WebP format through libwebp, many major browsers are affected, including all Google Chromium-based browsers, Apple’s Safari, Mozilla’s Firefox, and Microsoft’s Edge.

The following are some of the applications affected by the WebP 0-day vulnerability (the list is not exhaustive):

  • 1Password  
  • balenaEtcher  
  • Basecamp 3  
  • Beaker (web browser)  
  • Bitwarden  
  • CrashPlan  
  • Cryptocat (discontinued)  
  • Discord  
  • Eclipse Theia  
  • FreeTube  
  • GitHub Desktop  
  • GitKraken  
  • Joplin  
  • Keybase  
  • Lbry  
  • Light Table  
  • Logitech Options+  
  • LosslessCut  
  • Mattermost  
  • Microsoft Teams  
  • MongoDB Compass  
  • Mullvad  
  • Notion  
  • Obsidian
  • QQ (for macOS)
  • Quasar Framework  
  • Shift  
  • Signal  
  • Skype  
  • Slack  
  • Symphony Chat  
  • Tabby  
  • Termius  
  • TIDAL  
  • Twitch  
  • Visual Studio Code  
  • WebTorrent  
  • Wire  
  • Yammer  

Some vendors have already patched their products for the WebP 0-day vulnerability:

  • Mozilla  
  • Bitwarden  
  • Brave  
  • Google  
  • LibreOffice  
  • Lossless  
  • Microsoft  
  • NixOS  
  • Suse  
  • Tor  
  • Ubuntu  
  • Vivaldi  

Technical Dissection  

According to analysis of the vulnerability, it arises in a component of the open-source libwebp library. The Huffman coding algorithm, often used for lossless compression, had a heap buffer issue that caused this vulnerability.
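The bug class in general terms, as an added example that is not libwebp's code and not part of the original post: a decoder that fills a Huffman lookup table from code lengths read out of the file must confirm that those lengths form a complete prefix code before it writes anything. The single-level table layout, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { HUFF_OK = 0, HUFF_BAD_LENGTH, HUFF_OVERSUBSCRIBED, HUFF_INCOMPLETE };
typedef struct { uint8_t len; uint16_t sym; } HuffEntry;
/* Slots an unchecked fill would claim: length L takes 2^(root_bits - L). */
size_t huff_slots_claimed(const uint8_t *lens, size_t n, int root_bits) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        if (lens[i] && lens[i] <= root_bits)
            total += (size_t)1 << (root_bits - lens[i]);
    return total;
}

/* Kraft check: a complete prefix code claims exactly 2^root_bits slots. */
int huff_check_lengths(const uint8_t *lens, size_t n, int root_bits) {
    if (root_bits < 1 || root_bits > 15) return HUFF_BAD_LENGTH;
    for (size_t i = 0; i < n; i++)
        if (lens[i] > root_bits) return HUFF_BAD_LENGTH;
    size_t claimed = huff_slots_claimed(lens, n, root_bits);
    size_t full = (size_t)1 << root_bits;
    if (claimed > full) return HUFF_OVERSUBSCRIBED;
    return claimed == full ? HUFF_OK : HUFF_INCOMPLETE;
}

/* Validate first, then fill. Returns entries written, or -1 with the table
 * untouched when the lengths are invalid or the buffer is too small. */
long huff_build_table(HuffEntry *table, size_t cap, int root_bits,
                      const uint8_t *lens, size_t n) {
    if (huff_check_lengths(lens, n, root_bits) != HUFF_OK) return -1;
    if (cap < ((size_t)1 << root_bits) || n > UINT16_MAX) return -1;
    size_t pos = 0;
    for (int len = 1; len <= root_bits; len++)   /* canonical code order */
        for (size_t s = 0; s < n; s++) {
            if (lens[s] != len) continue;
            size_t span = (size_t)1 << (root_bits - len);
            for (size_t k = 0; k < span; k++)
                table[pos + k] = (HuffEntry){ (uint8_t)len, (uint16_t)s };
            pos += span;
        }
    return (long)pos;
}

int main(void) {   /* constructed inputs: one valid set, one over-subscribed */
    const uint8_t ok[] = {1, 2, 3, 3}, bad[] = {1, 1, 1};
    HuffEntry t[8];
    printf("%ld %ld\n", huff_build_table(t, 8, 3, ok, 4), huff_build_table(t, 8, 3, bad, 3));
}
```

Single-symbol codes are reported as incomplete by this check; a decoder for a real format has to decide explicitly how to treat them.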

What makes this security vulnerability dangerous is the lack of information available on its severity and how it will be exploited. This is probably because the vulnerability was initially categorized inaccurately as a “Chrome bug”.

Android and iOS are also likely affected by this security vulnerability since Android has a feature called BitmapFactory that deals with image decoding which supports libwebp.  

This can be dangerous, since the vulnerability can be used for remote exploitation of frequently used applications like WhatsApp.

An attacker may likely engage in remote code execution. As per cybersecurity experts, exploiting the CVE-2023-5129 security vulnerability would need moderately complex user interaction.

What SharkStriker recommends

With patches already available, organizations and developers dependent on WebP should urgently prioritize updating vulnerable versions before threat actors have a chance to exploit it in the wild.  

A growing number of vendors are addressing this security vulnerability by making patches available to the organizations and developers that depend on the libwebp library, since threat actors are actively exploiting the vulnerability worldwide across millions of end users of the above-mentioned software that includes libwebp.

We recommend that all businesses that use the libwebp library upgrade their code to libwebp version 1.3.2 or later.

We also recommend all our partners and customers keep their web browsers periodically updated to prevent exposure to the said vulnerability.  

The post Critical CVSS 10-rated 0-day WebP vulnerability widely exploited. Reassigned to CVE-2023-5129. appeared first on SharkStriker.
