A deep technical exploration of how to trigger a tricky 0-day vulnerability in the WebP image library (potentially the one discovered by Citizen Lab recently).
Impressive work by @hawkes and @mistymntncop 👏
https://blog.isosceles.com/the-webp-0day/
#infosec #reverseengineering
The WebP 0day

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning attached: "Google

Isosceles Blog