TL;DR

There is a vulnerability in a web application library (libwebp) which can result in arbitrary command execution when exploited. We recommend that you apply all applicable software patches as soon as possible. The upside is that it requires a user to navigate to a malicious page.

 

The details:

The vulnerability, CVE-2023-4863, is a heap-based buffer overflow vulnerability in the libwebp library which is used to decode and encode WebP image files. The vulnerability can be exploited by an attacker using a specially crafted WebP file that can result in crashes or arbitrary command execution. This could allow an attacker to gain control of an affected system or steal sensitive data. This vulnerability has been observed in attacks already.

 

This vulnerability was originally tracked as CVE-2023-4863 and assigned specifically to Google Chrome. However, the underlying vulnerability itself lies within the libwebp library and consequently affects multiple products that utilize vulnerable versions of the library. To address this scope change, the CVE numbering authority initially added CVE-2023-5129. To reduce confusion on 9/27, the CVE authority rejected the new CVE number, so now CVE-2023-4863 is the only way to track the vulnerability.

 

Software using libwebp versions from 0.5.0 to 1.3.2 may be affected by this vulnerability and many software vendors have already begun releasing patches to address this. 

 

Why we are telling you:

A large number of products are affected by this vulnerability as the libwebp library is widely used. The full scope of affected products is still unknown; however, many vendors have already begun releasing patches applying the necessary fixes. We recommend applying all applicable software patches as soon as possible. 

 

Immediate recommendations:

  • Where available, patch all affected software that utilizes libwebp versions 0.5.0 to 1.3.2
  • Examples of impacted software are: 
    • Google Chrome
    • Microsoft Edge
    • Mozilla FireFox
    • Mozilla Thunderbird
    • Safari

Strategic recommendations:

  • Use scanner tools to identify impacted software. Specifically look for CVE-2023-4863.

What we’re doing:

 

Expel’s Detection and Response team is examining this threat to see what detection and hunting logic we can apply to detect this activity with acceptable fidelity.

 

More Info/ References:

https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/