Google has given an already-known safety vulnerability a brand new CVE ID with the best severity stage. The cause for that is that the vulnerability, initially categorised as a Chrome bug, impacts considerably extra purposes, as a result of it’s a WebP vulnerability as an alternative.

The WebP picture file format is especially well-liked on the internet as a result of it presents a great steadiness between storage dimension and high quality. But the vulnerability permits attackers to make use of a specifically crafted WebP picture to create a heap buffer overflow and execute malicious code. To do that, the picture have to be opened in an software; in browsers, merely calling up an internet site is adequate. The code executed within the background can then set up malware, for instance.

Numerous recognized purposes affected

The vulnerability, which was found by Apple’s Security Engineering and Architecture (SEAR) and the Citizen Lab on the University of Toronto’s Munk School, was initially wrongly categorised as a pure Chrome bug; common web browsers were quickly protected with a safety replace. But as it has now turned out, considerably extra purposes are additionally affected.

The vulnerability is said to the open Libwebp library, which is utilized by quite a few applications. Thus, purposes similar to Gimp, Libreoffice, Telegram, 1Password and plenty of others might additionally change into targets of an assault. As a outcome, the CVSS, a standardized rating for evaluating safety vulnerabilities, has been raised to the highest level 10.0.

How to guard your self

As a person, you principally have just one approach to shield your self from this vulnerability: Make certain you have got the most recent patches put in. Many affected purposes have already launched safety updates that shut the safety gap, together with browsers and Libreoffice.

Otherwise, what ought to all the time apply when browsing the online nonetheless applies right here. Do not obtain recordsdata from unknown sources, and make it possible for hyperlinks in emails solely result in trusted websites.

Further studying: 5 easy tasks that supercharge your security

This article was translated from German to English and initially appeared on pcwelt.de.