CVE-2023-4863 is a critical vulnerability identified in a range of major software products, including Microsoft Windows and Windows Server, Microsoft Edge, Microsoft Office, Word and 365 Apps, Google Chrome, Mozilla Firefox and Thunderbird, and the libwebp library used to decode WebP bitmap images. The flaw, a heap buffer overflow, was first reported as exploited in the wild in September and has since been patched by multiple vendors. Initially thought to be specific to Google Chrome, it was later shown to reside in the libwebp image-processing library itself, which is why it affects a much broader set of applications than a single browser.
Google played a significant role in addressing CVE-2023-4863, patching the vulnerability twice in October: once in Chrome and once in the open-source libwebp library, which also affected Android device models through the Arm Mali GPU driver. The fixed Chrome builds carried version numbers "116.0.5845.187 for Mac and Linux" and "116.0.5845.187/.188 for Windows". Mozilla, in turn, released a patch for Firefox and Thunderbird, further reducing the risk posed by this critical flaw.
Microsoft also responded promptly, releasing advisories and patches for its affected products, including Windows, Windows Server, Edge, Office, Word, and 365 Apps. Notably, the company addressed not only CVE-2023-4863 but also other actively exploited vulnerabilities such as CVE-2023-36761 and CVE-2023-36802. In the wake of these developments, experts have stressed the importance of timely patching and have drawn attention to the ongoing risk of vulnerabilities in widely used libraries like libwebp, since a single flaw in a shared component is inherited by every application that bundles it.
Description last updated: 2024-05-04T16:21:09.904Z