Chrome, Firefox and more caught with their WebP down, offer hasty patch-up

Google and Mozilla have rushed out a fix for a vulnerability within their browsers – Chrome and Firefox, respectively – noting an exploit already exists in the wild. The web search giant on Tuesday hurriedly issued an update for its software in response to research by Citizen Lab at the University of Toronto's Munk School. …

  1. ecofeco Silver badge

    Oh FFS Google

    See title

  2. DS999 Silver badge

    Too many image related exploits

    The recent iOS patch had a fix for an ImageIO exploit.

    Maybe instead of worrying about compression ratio the people designing image formats ought to ensure it can't be exploited to expand to overly large sizes that can overrun buffers - the original spec for JPEG even provided sample software that claimed the buffer sizes used were the largest it could ever need. They weren't. Not even close.

    Unfortunately the skill set for visual compression and the skill set for avoiding an exploitable spec don't tend to have much overlap.

  3. Mitoo Bobsworth Silver badge

    Wot, Every Bloody Picture?

    One of the more unnecessary & irritating image compression formats around.

  4. Ayemooth

    What about other rendering engines?

    What about other rendering engines? Chrome's isn't the only one y'know!

    1. Anonymous Coward

      Re: What about other rendering engines?

      Other rendering engines? You mean Firefox?

    2. diodesign (Written by Reg staff) Silver badge

      libwebp

      We've revised the piece with more details: the flaw is within libwebp, a Google-managed library that processes WebP images.

      That same library is present in Firefox, Thunderbird, and other programs. So it's not just Chrome: it's anything using libwebp. Look out for patches and apply them.

      C.

      1. mattaw2001

        Re: libwebp

        Is there any information on how browser sandboxing would mitigate or help limit the damage this kind of bug would have?

  5. s. pam

    Chrome, when your privacy doesn't really matter!

    Chrome has become the Ebola virus of browsers between these latest holes, the (in)security sandbox and all the other problems. Got to admit that we purged it years ago from our whole family for Firefox as Chrome had security debacle after debacle one too many times.

  6. Mockup1974

    Just rip out the whole WebP code and add JPEG XL support. What's the point of WebP anyway, it's strictly inferior, and it doesn't have the legacy use case that JPEG and PNG have.

  7. This post has been deleted by its author
