Browsing the internet is currently putting you at risk of being hacked. That’s not just because the internet is a risky place: A new security vulnerability has been discovered that allows bad actors entry into your computer, potentially allowing them to install malware, steal data, and even take over your machine.
As reported by Stack Diary, the issue stems from a vulnerability in WebP, a common image codec used across the internet. This vulnerability stems from a “heap buffer overflow,” which, in layman’s terms, allows a bad actor to overwrite data on your computer with whatever they want. They exploit this vulnerability by crafting a malicious WebP image that, once you view, can potentially scrape your data, install malware on your computer, or take over your system entirely.
Because this codec is so widely used, many programs are affected by the discovery. Electron-based apps are among those, including things like Signal and 1Password, as well as other apps that use the lbwebp library, including Affinity, Gimp, Inkscape, LibreOffice, Telegram, Thunderbird, and ffmpeg. Stack Diary confirms this will also affect numerous Android apps, in addition to apps built using Flutter.
Arguably the most concerning apps affected by this vulnerability, however, are web browsers. If you use Safari, Chrome, Firefox, Brave, Microsoft Edge, and even Tor, your browser is at risk from this WebP issue.
Luckily, all these major browsers have issued security patches in the time since this vulnerability was discovered. Apple, for one, issued security updates for all currently supported devices last week, followed by security patches for older devices on Monday to patch the issue. If you have an Apple device and haven’t yet updated to the latest software update, do so ASAP.
Here are the software version numbers for other major browsers:
- Chrome: 116.0.5846.187 (Mac and Linux), 116.0.5845.187/.188 (Windows)
- Mozilla: Firefox 117.0.1, Firefox ESR 102.15.1, Firefox ESR 115.2.1
- Edge: 116.0.1938.81
- Brave: 1.57.64
If you use any of the other browsers mentioned in this article, make sure to update as soon as you can. While some will update automatically on their own, this can take a while to kick in, so you’re better off updating manually. To update Chrome, for example, click the three dots in the top right corner of your window, choose Help > About Google Chrome, then allow Chrome to check for the latest update. When it’s ready, click “Relaunch” to install it.
In addition, keep tabs on any software updates available for your apps and install them quickly as well. 1Password currently has a patch, as will other apps in due time.
from Lifehacker https://ift.tt/W7z4KFe
0 comments:
Post a Comment