WebP is an open-source image format developed by Google. The libwebp package, released by Google, encodes and decodes images in WebP format and is used widely across the internet for lossless image compression. The libwebp image parsing library is at the core of the recently identified CVE-2023-4863 (https://nvd.nist.gov/vuln/detail/CVE-2023-4863) heap buffer overflow vulnerability and zero-day exploit, which impacts Google Chrome and other Chromium-based browsers for Windows, macOS, and Linux, as well as any software or web application that uses the libwebp library. CVE-2023-4863 is a zero-day vulnerability that allows for remote code execution and out-of-bounds write through a buffer overflow attack.
Because the WebP codec provides support for images on the web, a heap overflow vulnerability in it permits exploitation wherever WebP image support is provided.
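Because the exposure extends to any software that uses libwebp, a first triage step on a Linux host is to list which running processes have it loaded. The following is an added example, not code from the original page or from Google: it parses `/proc/<pid>/maps`, and the function names and the sample mapping lines (including the version suffixes in them) are constructed for illustration.

```python
import os
import re

# Shared objects a libwebp build installs: libwebp, libwebpdecoder, demux, mux.
LIBWEBP_SO = re.compile(r"^libwebp(decoder|demux|mux)?\.so(\.\d+)*$")
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r--p 00000000 08:01 131 /usr/bin/viewer
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a2c400000-7f3a2c46b000 r-xp 00003000 08:01 915 /usr/lib/x86_64-linux-gnu/libwebp.so.7.1.5 (deleted)
7f3a2c600000-7f3a2c605000 r-xp 00002000 08:01 917 /usr/lib/x86_64-linux-gnu/libwebpdemux.so.2.0.11
7f3a2c800000-7f3a2c9a0000 r-xp 00028000 08:01 802 /usr/lib/x86_64-linux-gnu/libc.so.6
"""

def libwebp_mappings(maps_text):
    """Return {path: stale} for libwebp objects found in one maps listing."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [pathname]
        if len(fields) < 6:
            continue  # anonymous mapping: no backing file
        path = fields[5].strip()
        # The kernel appends " (deleted)" when the file was replaced on disk,
        # i.e. the process still runs the old copy and must be restarted.
        stale = path.endswith(DELETED)
        if stale:
            path = path[: -len(DELETED)]
        if LIBWEBP_SO.match(os.path.basename(path)):
            found[path] = found.get(path, False) or stale
    return found

def scan_proc(proc_root="/proc"):
    """Map pid -> libwebp mappings for every readable process (Linux only)."""
    report = {}
    pids = os.listdir(proc_root) if os.path.isdir(proc_root) else []
    for pid in filter(str.isdigit, pids):
        try:
            with open(os.path.join(proc_root, pid, "maps"), errors="replace") as fh:
                hits = libwebp_mappings(fh.read())
        except OSError:
            continue  # process exited, or maps not readable by this user
        if hits:
            report[int(pid)] = hits
    return report

if __name__ == "__main__":
    for pid, hits in sorted(scan_proc().items()):
        print(pid, hits)
```

This only sees libwebp loaded as a shared object. Applications that compile the library into their own binary, as Chromium-based browsers do, have to be checked against the vendor's fixed release instead.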