The Chrome zero-day exploited and patched by Google a few weeks ago has a new ID of CVE-2023-5129 and a description reveling that the vulnerability is not in Chrome, but is in the libwebp library, which is used by many applications for encoding/decoding the WebP image format.
The flawed implementation of the Huffman coding algorithm is the source of the vulnerability and can allow attackers to trigger a heap buffer overflow and execute arbitrary code. CVE-2023-5129 affects libwebp versions 0.5.0 to 1.3.1 and has been fixed in version 1.3.2. Some places the libwebp library can be found in have already patched for the vulnerability, and hopefully the rest of the fixes will soon be pushed out. It is suggested the consumers regularly update their operating systems and software.
Read More: Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
