Big-name tech firms were quick to react to a security flaw in browsers and other software that is being exploited by hackers.
The issue was discovered recently by the Apple Security Engineering Architecture (SEAR) group in conjunction with The University of Toronto’s Citizen’s Lab.
The security issue centers are the WebP Codec which manages the picture compression and loading in many of the most popular web browsers.
By the time of this writing, the major browsers including Google’s Chrome, Mozilla’s Firefox, Microsoft Edge, Brave had all completed a patch to close the risk.
Users were strongly encouraged to load this latest update to make sure their browsers were safe.
However, this issue runs deeper than just browsers since many software companies also rely on this same Codec to render WebP images.
Hackers have found a way to insert malicious images into the overflow stack that WebP utilizes.
These malicious images may contain commands under the covers that can exploit or provide access to user data that can steal such information.
Because of the widespread use of WebP, companies and individuals alike are at risk.
The cost of containing cybercrime continues to soar on an annual basis as hackers continue to find new and unique ways to access computers and personal data.
It is estimated that the 2023 cost to deal with cybercrime will top $8 Trillion, with the average cost for a corporate breach costing upwards of $10 Million per occurrence.
While the main mechanism of accessing WebP images has been closed with the patches to the major browsers, software developers have a lot of work to do to fully close out this new risk.
Leave a Reply