CVE-2023-4863
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
99.7%
p100
KEV
YES
Sep 13, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Google / Chromium WebP
Vulnerability
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Added to KEV
Sep 13, 2023
Remediate by
Oct 4, 2023
Known ransomware use
No
Summary description
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863
No related CVEs by CWE or product.