Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format.

Source: Help Net Security

 


Date:

Categorie(s):