Oh great doesn't it mean Tor (the browser) was vulnerable too?
Firefox
A place to discuss the news and latest developments on the open-source browser Firefox
Yes, there's already an update.
Just wondering whether its a coincidence that chrome and Firefox are both vulnerable.
Since webp is Google's, I wouldn't be surprised that everybody is using Google libwebp's derived code to display webp images. There was an advisory to check updates for ALL your browsers on ALL platforms. Edge also had a recent update.
There is a single implementation of webp that they both use.
Are there ways to test if a webp is malicious? Besides "Open it and see if you got infected"?
Clarification: I consider any file that causes this overflow as malicious, regardless if it carries code or not.
It could theoretically be detected by a script, but that’s more work than just updating.