DEV Community

Cover image for CVE-2023-4863: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2023-4863: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

CVE ID

CVE-2023-4863

Vulnerability Name

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

  • Project: Google
  • Product: Chromium WebP

Date

  • Date Added: 2023-09-13
  • Due Date: 2023-10-04

Description

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)