Critical CVIS 10-rated Zero-day Webp vulnerability wildly exploited. Reassigned to CVE-2023-5129.

Google’s libwebp based zero-day vulnerability is now reassigned to CVE 2023-5129. It is wildly exploited. Attackers are using webp images to transmit malicious codes to extract sensitive information from their victims. 
Google released a security fix for a critical vulnerability that affected Google Chrome for Windows, macOS, and Linux. The vulnerability was given the CVE ID as CVE-2023-4863 and has been given a severity of 8.8 (High).


On analyzing the vulnerability, it was discovered that a heap buffer overflow vulnerability existed in the libwebp library that a threat actor can exploit to perform out-of-bounds memory write via a crafted HTML page. However, this vulnerability was resubmitted by Google, which is now tracked as CVE-2023-5129. It was later found that CVE-2023-41064 and this vulnerability were similar and affected the same libwebp library.  

Threat actors exploited this particular library during the BLASTPASS exploit chain attack for deploying the NSO’s Pegasus Spyware. Though both of these vulnerabilities had different CVE IDs and were released by different vendors, they both affect the same library. 

More details for visit our website: https://sharkstriker.com/blog/critical-cvis-10-rated-zero-day-webp-vulnerability-wildly-exploited-reassigned-to-cve-2023-5129/

Comments

Popular posts from this blog

SharkStriker | Your threat striking company

Top 10 most common types of cyber attacks.

Top 10 cybersecurity risks and threats for the banking sector in 2024