Google libwebp CVE-2023-5129

NaaS

Summary

Google has updated CVE-2023-4863 (CVSS 3.0 score: 8.8) with its own CVE-2023-5129 (CVSS 3.0 score: 10.0). The new CVE was issued to cover a more focused impact than the initial CVE for libwebp in Chrome. The vulnerability is a heap buffer overflow in WebP.

The vulnerability stems from an issue with the Huffman coding algorithm used for lossless compression, which can be triggered through a maliciously crafted HTML page. This allows arbitrary code execution and unauthorized access to sensitive information.

Affected software

Google Chrome versions before 116.0.5845.187.

Security Patches

Google recommends updating to 116.0.5845.187 or newer.
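
The following is an added example, not part of the original bulletin: a Python check that sorts an inventory of Chrome version strings into affected, patched and unknown hosts against the fixed build named above. The hostnames, sample versions and function names are constructed for illustration.

```python
import re

FIXED = (116, 0, 5845, 187)  # first fixed Chrome build, from this bulletin

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 116.0.5845.96'. Returns a tuple of ints or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version_text):
    """True if the version is before the fixed build. Unparseable input
    raises ValueError so unknown hosts are not silently treated as patched."""
    version = parse_chrome_version(version_text)
    if version is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    # Compare as integer tuples: as plain strings, '...96' sorts after '...187'.
    return version < FIXED


def triage(inventory):
    """Split {host: version string} into affected, patched and unknown hosts."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(text) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 116.0.5845.96",   # numerically older than .187
    "ws-02": "Google Chrome 116.0.5845.187",
    "ws-03": "Google Chrome 117.0.5938.62",
    "ws-04": "Google Chrome 115.0.5790.170",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket need a manual check; they are reported separately rather than counted as patched.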