The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome but in the libwebp library, which many popular applications use for encoding and decoding the WebP image format.

About CVE-2023-5129

The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap …
The post Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) appeared first on Help Net Security.