  • Google had to reveal all of its cards after its lies were exposed

    Google's understatement resulted in thousands of applications having unreported vulnerabilities.


    Google has updated its disclosure of a critical flaw that affects thousands of software frameworks and applications. The earlier version of the bug report falsely claimed that the danger applied only to the Chrome browser.

    The source of the vulnerability is libwebp, the code library Google developed in 2010 to render WebP images. Compared to PNG, the format reduced file size by 26%. Virtually every program, operating system, and code library that renders WebP images has libwebp built in, especially the Electron framework used by Chrome and numerous other desktop and mobile programs.

    Two weeks ago, Google reported a WebP buffer overflow vulnerability in Chrome (CVE-2023-4863, CVSS: 8.8). The bug description listed Chrome as the affected program, but any code that used libwebp was also affected. Critics have expressed concern that Google's mischaracterization of the bug's scope could delay patching of the vulnerability.

    This week, Google disclosed a new CVE, CVE-2023-5129 (CVSS: 10), that targets the libwebp library. The vulnerability's severity rating has also increased from 8.8 to 10. Google's latest disclosure offers much more information. Previously referred to as a "WebP buffer overflow in Google Chrome," the vulnerability is now described as allowing libwebp to write data outside the buffer's boundaries when it processes specially crafted WebP files.

    The inadequacy of Google's first CVE is not merely an academic mistake. A lot of software still lacks patches more than two weeks later. The libwebp vulnerability is dangerous regardless of whether it is tracked as CVE-2023-4863 or CVE-2023-5129. Users of Electron must be running v22.3.24, v24.8.3, or v25.8.1.
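
    The Electron versions named above, turned into a triage check over an npm lockfile. This is an added example, not code from Google, Electron or the article's author; the function names, the sample lockfile, and the rule that later releases on the same major line count as fixed are assumptions made for illustration.

```javascript
// Added example. Fixed Electron releases named in the article, keyed by major line.
// Assumption: later releases on the same major line also carry the libwebp fix.
const FIXED = { 22: [22, 3, 24], 24: [24, 8, 3], 25: [25, 8, 1] };

// Parse "v25.8.1", "25.8.1" or "25.8.1-beta.2"; returns null when malformed.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(raw).trim());
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// Returns "patched", "vulnerable", "unlisted" or "invalid" for one version string.
function classifyElectron(raw) {
  const v = parseVersion(raw);
  if (!v) return "invalid";
  const floor = FIXED[v.nums[0]];
  if (!floor) return "unlisted"; // the article names no fixed release for this line
  for (let i = 1; i < 3; i++) {
    if (v.nums[i] !== floor[i]) return v.nums[i] > floor[i] ? "patched" : "vulnerable";
  }
  return v.pre ? "vulnerable" : "patched"; // a prerelease of the fixed version predates it
}

// Walk an npm lockfile (v2/v3 "packages" map) and report every electron copy,
// including copies nested under another dependency's node_modules directory.
function auditLockfile(lockJson) {
  const packages = JSON.parse(lockJson).packages || {};
  return Object.entries(packages)
    .filter(([path]) => /(^|\/)node_modules\/electron$/.test(path))
    .map(([path, meta]) => ({ path, version: meta.version, status: classifyElectron(meta.version) }));
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/electron": { version: "25.8.0" },
    "node_modules/legacy-shell/node_modules/electron": { version: "22.3.24" },
    "node_modules/electron-builder": { version: "24.6.4" },
    "node_modules/kiosk/node_modules/electron": { version: "21.4.4" },
  },
});

console.log(auditLockfile(SAMPLE_LOCK));
```

    An "unlisted" result means the article gives no fixed version for that release line, so it needs checking against the vendor's own advisory rather than being read as safe.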

    In addition to Google, Apple also experienced issues with WebP images. Two weeks ago, Apple issued a warning about attackers actively exploiting an iOS vulnerability to install the Pegasus spyware. The attacks required no involvement from the user (zero-click): the iPhone only needed to receive a call or message to become infected.

    According to Apple, the vulnerability, identified as CVE-2023-41064 (CVSS: 7.8) and currently fixed, results from a buffer overflow flaw in ImageIO, a framework that enables applications to read and write the majority of image formats, including WebP.

    Security experts have hypothesized that both vulnerabilities may share a common source, and they have criticized Apple, Google, and Citizen Lab for not cooperating to identify that common source and instead choosing to use different CVE designations. Researchers from the security firm Rezilion have verified that the bug in the libwebp code library, which is used to process WebP images, is the cause of both vulnerabilities.

    Author reign3d