Photo by Amelia Holowaty Krales / The Verge
Google, Mozilla, Microsoft, and Brave have each issued critical security patches, reports Stack Diary. The patches address a vulnerability that an attacker could use to gain access to or run malicious code on your computer, and the companies acknowledge it’s been actively exploited in the wild. NIST classifies the vulnerability as severe. Other companies’ applications are affected — the vulnerability is linked to code used to render WebP images, which are widely used.
The software version numbers containing the fix are below.
Google: Chrome version 116.0.5846.187 (Mac / Linux); Chrome version 116.0.5845.187/.188 (Windows)
Mozilla: Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2
Microsoft: Edge version 116.0.1938.81
Brave: Brave Browser version 1.57.64
Stack Diary mentioned that Electron-based apps like encrypted-messaging app Signal and Bandisoft’s Honeyview have also released patches for the issue. Other apps, like Affinity, Gimp, LibreOffice, Telegram, many Android applications, and “cross-platform apps built with Flutter” are likewise affected, according to the site.
Apple also released a security patch this week for what appears to be the same issue, though it references a different issue number on the NIST site.