  • Google had to reveal all of its cards after its lies were exposed

    Google's understatement resulted in thousands of applications having unreported vulnerabilities.


    Google has updated its disclosure of a critical flaw that affects thousands of software frameworks and applications. The earlier version of the bug report falsely claimed that the danger applied only to the Chrome browser.

    The source of the vulnerability is libwebp, the code library Google developed in 2010 to display WebP images. When compared to PNG, the format reduced file size by 26%. Virtually every program, operating system, and other code library that renders WebP images has libwebp built in, especially the Electron framework used by Chrome and numerous other desktop and mobile programs.

    Two weeks ago, Google reported a WebP buffer overflow vulnerability in Chrome (CVE-2023-4863, CVSS: 8.8). The bug description listed Chrome as the affected program, but any code that used libwebp was also impacted. Critics have expressed concern that Google's mischaracterization could delay patching of the vulnerability.

    This week, Google disclosed a new CVE, CVE-2023-5129 (CVSS: 10), that covers the libwebp library. The vulnerability's severity level has also increased from 8.8 to 10. Google's latest disclosure offers a lot more information. Previously described as a "WebP buffer overflow in Google Chrome," the vulnerability is now described as allowing libwebp to write data outside the buffer's boundaries when given specially crafted WebP files.

    The inadequacy of Google's first CVE is not merely an academic matter: more than two weeks later, a lot of software still lacks patches. The libwebp vulnerability is dangerous regardless of whether it is tracked as CVE-2023-4863 or CVE-2023-5129. Users should make sure the versions of Electron they run are v22.3.24, v24.8.3, or v25.8.1.
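One way to check an application inventory against the Electron versions listed above (an added example, not code from the article or from Electron). It assumes the three versions are the minimum fixed release on each major line; the function names, app names and inventory are constructed, and release lines the article does not mention are reported as unknown rather than guessed.

```javascript
// Fixed releases from the article, keyed by major release line.
// Assumption: each is the minimum patched version on its line.
const PATCHED = { 22: [22, 3, 24], 24: [24, 8, 3], 25: [25, 8, 1] };

// Parse "v24.8.3" or "24.8.3-beta.1" into numbers plus a prerelease flag.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(raw).trim());
  if (!m) return null;
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// Compare two [major, minor, patch] arrays: negative, zero or positive.
function compareParts(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Returns "patched", "vulnerable", "unknown-line" or "unparseable".
function classifyElectron(raw) {
  const v = parseVersion(raw);
  if (!v) return "unparseable";
  const fixed = PATCHED[v.parts[0]];
  if (!fixed) return "unknown-line"; // no fixed release given for this line: review by hand
  const cmp = compareParts(v.parts, fixed);
  // A prerelease of the fixed version sorts before the release itself.
  if (cmp < 0 || (cmp === 0 && v.prerelease)) return "vulnerable";
  return "patched";
}

// Group an inventory of { app, electron } records by status.
function triage(inventory) {
  const report = {};
  for (const { app, electron } of inventory) {
    const status = classifyElectron(electron);
    (report[status] = report[status] || []).push(app);
  }
  return report;
}

// Constructed inventory; app names are hypothetical.
const sample = [
  { app: "chat-client", electron: "v22.3.23" },
  { app: "notes-app", electron: "24.8.3" },
  { app: "editor", electron: "25.8.1-beta.2" },
  { app: "legacy-tool", electron: "13.6.9" },
];
console.log(triage(sample));
```

Inside a running Electron app the version string is available as `process.versions.electron`.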

    In addition to Google, Apple also experienced issues with WebP images. Two weeks ago, Apple issued a warning about attackers actively exploiting an iOS vulnerability to install the Pegasus spyware. The attacks were carried out without the involvement of the user (Zero-Click): the iPhone only needed to receive a call or message to become infected.

    According to Apple, the vulnerability, identified as CVE-2023-41064 (CVSS: 7.8) and currently fixed, results from a buffer overflow flaw in ImageIO, a framework that enables applications to read and write the majority of image formats, including WebP.

    Security experts have hypothesized that both vulnerabilities may share a common source, and they have criticized Apple, Google, and Citizen Lab for not cooperating or identifying that common source and instead choosing to use different CVE designations. Researchers from the security firm Rezilion have verified that the bug in the libwebp code library, which is used to process WebP images, is the cause of both vulnerabilities.

    Author reign3d