If you don’t want hackers to get easy access to your computer, you should immediately update your internet browser. Google, Mozilla, Microsoft and Brave have issued critical security patches to plug a vulnerability that could pose a risk to users’ privacy.
According to a report, a vulnerability in the WebP Codec was unearthed that prompted major browser vendors, including Google and Mozilla, to expedite the release of updates to address the issue.
The updates patch a vulnerability that an attacker could use to gain access to or run malicious code on a computer. The companies acknowledged that this vulnerability has been actively exploited in the wild.
The vulnerability is dangerous: the US-based National Institute of Standards and Technology (NIST) has classified it as ‘severe’.
What is the vulnerability?
The vulnerability is designated as a ‘heap buffer overflow’. As an analogy, suppose you can hold only two apples in one hand. If someone hands you another apple, that is an “overflow” and all the apples will fall. To take a new apple, you have to replace an ‘older’ apple with the ‘newer’ one. Now imagine that this ‘new’ apple is a stale one.
Similarly, computers use an area of memory called the “heap” to store certain kinds of data. The computer manages this memory well. By exploiting the vulnerability, hackers could plant malicious data (the stale apple) and potentially run malicious code or gain unauthorised access to a system.
Browser versions with a fix
Here’s how you can check whether your browser version is updated. If not, install the updates as soon as they are available. The software version numbers containing the fix are:
- Google: Chrome version 116.0.5846.187 (Mac / Linux); Chrome version 116.0.5845.187/.188 (Windows)
- Mozilla: Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2
- Microsoft: Edge version 116.0.1938.81
- Brave: Brave Browser version 1.57.64
Apple also released a security patch earlier this week apparently for the same issue but it references a different issue number on the NIST site.
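For anyone checking more than one machine, the comparison against the version list above can be scripted. The following is an added example, not code from any of the vendors: the product labels, hostnames and sample inventory are constructed, and the rule for release branches with no listed fix is an assumption stated in the comments.

```python
# Fixed versions exactly as listed in the article, one entry per release branch.
FIXED = {
    "chrome-mac-linux": ["116.0.5846.187"],
    "chrome-windows": ["116.0.5845.187"],   # article lists .187/.188; lower bound used
    "firefox": ["117.0.1"],
    "firefox-esr": ["102.15.1", "115.2.1"],
    "thunderbird": ["102.15.1", "115.2.2"],
    "edge": ["116.0.1938.81"],
    "brave": ["1.57.64"],
}


def parse(version):
    """Turn '116.0.5845.187' into (116, 0, 5845, 187) so parts compare as numbers."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(product, installed):
    """Return True if `installed` is at or above the fix for its release branch."""
    have = parse(installed)
    fixes = sorted(parse(v) for v in FIXED[product])
    for fix in fixes:
        if fix[0] == have[0]:  # same major branch: compare within that branch
            return have >= fix
    # Assumption: a major line newer than every listed fix already contains it;
    # an older or in-between line has no fix listed and is treated as unpatched.
    return have[0] > fixes[-1][0]


def audit(inventory):
    """Return the (host, product, version) rows that still need updating."""
    return [row for row in inventory if not is_patched(row[1], row[2])]


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("host-a", "chrome-windows", "116.0.5845.180"),
    ("host-b", "firefox-esr", "102.15.1"),
    ("host-c", "firefox-esr", "115.2.0"),
    ("host-d", "thunderbird", "115.2.2"),
    ("host-e", "brave", "1.57.64"),
    ("host-f", "edge", "115.0.1901.203"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} is below the fixed version")
```

Comparing the parts as integers matters here: as plain strings, "116.0.5845.99" would sort above "116.0.5845.187" and be reported as patched.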