Google quietly corrects previously submitted disclosure for critical webp 0-day

Enlarge / Malware Detected Warning Screen with abstract binary code 3d digital conceptGetty Images

Google has quietly resubmitted a disclosure of a critical code-execution vulnerability affecting thousands of individual apps and software frameworks after its previous submission left readers with the mistaken impression that the threat affected only the Chrome browser.

The vulnerability originates in the libwebp code library, which Google created in 2010 for rendering images in webp, a then new format that resulted in files that were up to 26 percent smaller as compared to PNG images. Libwebp is incorporated into just about every app, operating system, or

→ Continue reading at Ars Technica

Related articles

Comments

Share article

Latest articles