Major Browsers Release Critical Security Updates - Update Now to Fix WebP Vulnerability

Update Chrome, Firefox, Edge, or Brave browsers now to fix a "critical" security issue.
The vulnerability could allow hackers to access or run malicious code on your computer.
Browsers should update automatically, but you may need to restart for the update to apply.
The issue affects WebP image compression, used by many browsers and apps.
Password managers like 1Password have also released updates to address this vulnerability.

cnet.com

Relevant topic timeline:

8/31/2023

Google Fixes Serious Security Flaws in Chrome and Android

August has seen a flurry of patches released by technology giants like Microsoft, Google Chrome, and Firefox to fix serious vulnerabilities. These patches are crucial as some of the flaws are already being exploited in attacks. While there was no iPhone update from Apple, major fixes were released for enterprise software, including Ivanti, SAP, and Cisco. Microsoft's Patch Tuesday fixed numerous vulnerabilities, including ones being actively targeted. Google Chrome also issued updates, addressing high impact flaws in V8 and WebRTC. Firefox patched various vulnerabilities, some of which could lead to arbitrary code execution. Lastly, Google patched several critical vulnerabilities in its Android operating system, including RCE issues in System and Media Framework.

9/11/2023

Google Rushes Out Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google has released emergency security updates for Chrome to address a zero-day vulnerability (CVE-2023-4863) that has been exploited in attacks, urging users to update their browsers to prevent further exploitation.

9/22/2023

Apple Releases Urgent Security Updates to Fix Actively Exploited iPhone Bugs Used to Install Spyware

Apple has released urgent security updates to patch vulnerabilities actively exploited, including flaws in WebKit, certificate validation, and kernel access, which were part of an exploit chain used to plant the Pegasus and Predator spyware.

9/27/2023

Google downplays critical WebP vulnerability affecting thousands of apps

Google has resubmitted a disclosure of a critical code-execution vulnerability, originally thought to only affect the Chrome browser, revealing that thousands of apps and software frameworks are affected by the flaw.

9/27/2023

Google Patches Critical Chrome Flaw Exploited to Install Spyware, 5th Zero-Day This Year

Google has released emergency security updates to patch a zero-day vulnerability in Chrome that has been exploited in spyware attacks, with the vulnerability caused by a heap buffer overflow weakness in the VP8 encoding of the libvpx video codec library.

9/28/2023

Google patches Chrome zero-day used to deploy commercial spyware

Google has released an emergency patch for a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor, and the vulnerability has been linked to the zero-click iMessage exploit chain used to deploy the NSO Group's Pegasus spyware on compromised iPhones.

9/28/2023

New Chrome 0-Day Exploit Targets Major Vulnerability in Libvpx Video Library

A critical zero-day vulnerability in Google Chrome and Mozilla Firefox exposes the internet to potential attacks, with the flaw affecting the widely-used libvpx code library for processing media files in the VP8 format.

10/4/2023

Microsoft patches actively exploited Skype, Teams, Edge zero-days found in image libraries

Microsoft has released patches to address zero-day vulnerabilities in open source libraries that affect its products, such as Skype and Edge browser, but the company has not confirmed if these vulnerabilities were exploited or if they were aware of any exploitation.

Topics

Posted 9/14/2023, 9:36:00 PM

Major Browsers Release Critical Security Updates - Update Now to Fix WebP Vulnerability

Update Chrome, Firefox, Edge, or Brave browsers now to fix a "critical" security issue.
The vulnerability could allow hackers to access or run malicious code on your computer.
Browsers should update automatically, but you may need to restart for the update to apply.
The issue affects WebP image compression, used by many browsers and apps.
Password managers like 1Password have also released updates to address this vulnerability.

cnet.com

Relevant topic timeline:

8/31/2023

Google Fixes Serious Security Flaws in Chrome and Android

9/11/2023

Google Rushes Out Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

9/22/2023

Apple Releases Urgent Security Updates to Fix Actively Exploited iPhone Bugs Used to Install Spyware

9/27/2023

Google downplays critical WebP vulnerability affecting thousands of apps

9/27/2023

Google Patches Critical Chrome Flaw Exploited to Install Spyware, 5th Zero-Day This Year

9/28/2023

Google patches Chrome zero-day used to deploy commercial spyware

9/28/2023

New Chrome 0-Day Exploit Targets Major Vulnerability in Libvpx Video Library

10/4/2023

Microsoft patches actively exploited Skype, Teams, Edge zero-days found in image libraries