Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
Google identified a vulnerability in Google Chrome called "Heap buffer overflow in WebP in Google Chrome." However, it turned out to be a bug deeply rooted in the libwebp library, affecting virtually every application that handles WebP images. The vulnerability allows an attacker to create a malformed WebP image file which can lead to the execution of the attacker's code. This issue had far-reaching consequences and affected a vast array of software and users of the WebP format. Cloudflare has updated its services and encouraged all applications supporting WebP images to update as well, emphasizing the importance of keeping browsers, apps, and operating systems up to date with security patches.
Company
Cloudflare
Date published
Oct. 5, 2023
Author(s)
Willi Geiger, Kornel Lesiński
Word count
1335
Language
English
Hacker News points
29