- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Any Chromium and Firefox browser prior to version 116 will be vulnerable to this, update your browsers.
Any Chromium and Firefox browser prior to version 116 will be vulnerable to this, update your browsers.
I’ve read elsewhere it’s actually a problem with libwebp not just chrome.
Basically, anything that relies on libwebp (ie can play libwebp) is vulnerable.
https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/
I wonder if it applies to devices using LockDown mode, thats shuts down a lot of nonsense in its own right…
https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability
Edit:
Fuck my reading skill (or fuck articles listing multiple high profile CVEs)…
Blastpass is not the same libwebp CVE (blastpass, the iMessage thing, is CVE-2023-41064. libwebp is CVE-2023-4863 - although that is the chrome one, despite this affecting libwebp not chrome).
I think the whole situation is very rapidly being researched and it’s all developing.
So, no idea if lockdown mode would have any effect