Nalaze se zero-day sigurnosne ranjivosti u Chromeu, Firefox-u i drugim preglednicima

Nalaze se zero-day sigurnosne ranjivosti u Chromeu, Firefox-u i drugim preglednicima. Ažuriranja su sada dostupna kako bi se popravila ranjivost u Chromeu koja bi omogućila napadačima izvršavanje zlonamjernog koda. Vrijeme je za ažuriranje Google Chromea, Mozille Firefox ili Thunderbirda, Microsoft Edgea, trenutnog preglednika ili Tor preglednika. Web stranica za vijesti o razvoju weba, StackDiary, izvijestila je o zero-day ranjivosti u svih šest preglednika koja bi omogućila napadačima da izvrše zlonamjerni kod. Ranjivost započinje u WebP Codec-u, a drugi pogođeni programi uključuju Affinity, Gimp, Inkscape, LibreOffice, Telegram i mnoge Android aplikacije. Korisnici pogođenih preglednika trebali bi ažurirati na najnoviju verziju kako bi osigurali zakrpu za ovu ranjivost. Ranjivost se ne nalazi u samim preglednicima, već započinje u WebP Codec-u. Aplikacije koje koriste WebP codec i libwebp biblioteku kako bi renderirale WebP slike također su pogođene ovom ranjivošću. Napadači mogu umetnuti zlonamjerni kod u sliku koju stvaraju, čime mogu ukrasti podatke ili zaraziti računalo malwareom. Sigurnosni timovi Googlea, Mozille, Bravea, Microsofta i Tora izdali su sigurnosne zakrpe za ovu ranjivost, stoga korisnici trebaju ažurirati svoje aplikacije na najnoviju verziju.

Vulnerability originates in WebP reader

A zero-day vulnerability has been discovered in popular browsers including Google Chrome, Mozilla’s Firefox, Microsoft Edge, the Brave browser, and Tor Browser. This vulnerability is related to the WebP Codec, which is used by these browsers to render WebP images. The vulnerability allows threat actors to execute malicious code, putting user data at risk. This vulnerability was first detected by the Apple Security Engineering and Architecture team and The Citizen Lab at The University of Toronto on September 6.

What steps should users take?

Users of the affected browsers should update to the most up-to-date version to ensure that the zero-day vulnerability is patched on their machines. Google, Mozilla, Brave, Microsoft, and Tor have released security patches for this vulnerability, and individuals running those apps should update to the latest version. It is important to note that this is an ongoing vulnerability, and patches may not exist for other applications that use the WebP codec. NIST has classified the vulnerability as severe and recommends users to stop using applications for which a patch is not yet available. It is advisable to regularly check for updates and patches for all applications to ensure the highest level of security.

Affected browsers and applications

The zero-day vulnerability affects several popular browsers and applications. In addition to Google Chrome and Mozilla Firefox, the vulnerability also impacts Microsoft Edge, the Brave browser, and Tor Browser. Other affected applications include Affinity, Gimp, Inkscape, LibreOffice, Telegram, many Android applications, cross-platform apps built with Flutter, and apps built on Electron. Electron has released a patch for the vulnerability. As many applications use the WebP codec and libwebp library to render WebP images, it is essential for users of these applications to update to the latest version to mitigate the risk.

Chrome

Google Chrome is one of the most widely used browsers, and it is affected by the zero-day vulnerability. Users of Chrome should update their browser to the most recent version to ensure that the vulnerability is patched. Google has released a security patch for this vulnerability, and it is recommended to install the update as soon as possible to maintain a secure browsing experience.

Firefox

Mozilla Firefox is another popular browser that is impacted by the zero-day vulnerability. Users of Firefox should update their browser to the latest version to mitigate the risk. Mozilla has released a security patch for this vulnerability, and users should install the update to ensure the safety of their browsing activities.

Microsoft Edge

Microsoft Edge, the default browser in Windows 10, is also affected by the zero-day vulnerability. Microsoft has released a security patch for this vulnerability, and users of Edge should update their browser to the latest version to protect themselves against potential attacks. Regularly checking for updates and installing patches is crucial for maintaining a secure browsing experience with Microsoft Edge.

Brave browser

The Brave browser, known for its focus on privacy and security, is also impacted by the zero-day vulnerability. Users of the Brave browser should update to the latest version to ensure that the vulnerability is patched. The Brave team has released a security patch for this vulnerability, and it is recommended to install the update as soon as possible to maintain a high level of security while browsing with Brave.

Tor Browser

The Tor Browser, widely used for anonymous browsing, is affected by the zero-day vulnerability as well. Users of the Tor Browser should update to the latest version to mitigate the risk. The Tor Project has released a security patch for this vulnerability, and it is crucial to install the update to ensure anonymous browsing activities remain secure.

Affinity

Affinity, a popular image editing software, is among the applications affected by the zero-day vulnerability. Users of Affinity should update their software to the most recent version. It is essential to regularly check for updates and install patches to ensure a secure image editing experience with Affinity.

NIST recommends users stop using applications without patches

The National Institute of Standards and Technology (NIST) has classified the zero-day vulnerability as severe. NIST recommends that users stop using applications for which a patch is not yet available. This is an ongoing vulnerability, and patches may not exist for all applications that use the WebP codec. Therefore, it is crucial to regularly check for updates and install patches to maintain a secure user experience. Taking these steps will help protect user data and mitigate the risk of potential attacks.

In conclusion, the zero-day vulnerability originating in the WebP reader affects popular browsers and applications such as Google Chrome, Mozilla Firefox, Microsoft Edge, the Brave browser, Tor Browser, and others. It is essential for users of these browsers and applications to update to the latest version to ensure the vulnerability is patched. NIST recommends users to stop using applications for which a patch is not yet available. Regularly checking for updates and installing patches is crucial for maintaining a secure browsing and application experience.