Any Chromium and Firefox browser prior to version 116 will be vulnerable to this, update your browsers.
This is way way wider than just browsers. Anything that can display webp images is vulnerable and that includes things like MS Teams and Twitch.
The current advisory is in webm (VP8 specifically). The webp one was 2 weeks ago. …yeah, not a good time for web browsers lately…
(edit: noticed OP actually did link the webp one, I thought it’d be CVE-2023-5217 because that’s being linked elsewhere)
WebP is currently the smallest and highest quality format accepted by browsers today. I have no idea why you think so negatively of it, but it’s irreplaceable until something better is widely adopted, and thus viable.
It’s the best format for websites as of this exact moment.
Highest compression, not highest quality (arguably).
Also heavy compression which takes more resources to display.
Also poor compatibility outside browsers.
afaik it’s basically still just VP8 in image format with added metadata, and google refuses to support alternatives because they like to own the browser market.
I think there was gonna be a webp and webm 2, but it never happened.
Try linking one and sending it to someone else. I tried it and the recipient died two days later.
There’s some politics involved. Basically, everyone is rallying behind JPEGXL instead of WebP, but Google refuses to support JPEGXL in Chrome. The reasoning they gave is weak, so it’s assumed that they’re just trying to force the format they invented on everyone because they can.
IIRC, performance of the two formats is similar.
It’s a format that most major image editors don’t support. Basically, if you wanted to do anything with it, you need to first convert it to a different format. It’s the only format that has this problem.
I think most people dislike it because Google made it. Google is evil as fuck, but it’s a damn good image format, obviously so since it’s way smaller for the same visuals compared to the older formats, plus it supports transparency. Google is evil but still makes good software sometimes.
Lazy motherfuckers on this site can’t even use proper grammar when being a snarky asshole. That shit you wrote is barely coherent.
Well, i think firefox 117 fixed that webp issue so i am on that one.
On the topic of Fennec F-Droid why does it still connect to various Mozilla and Google services that can track users? Is there an F-Droid browser which doesn’t?
idk. The post content was not in all caps, so I am not really sure about the urgency
AGAIN?
It’s last week’s big libwebp vulnerability again.
Edit: this underlying vuln is why last week’s CVE was such a big deal, anything using webp is at risk including a whole big pile of electron apps that everyone uses.
There’s a more recent CVE as well for FF that was patched in 118.0.1: CVE-2023-5217: Heap buffer overflow in libvpx
