- Description
- Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
- Products
- chrome, fedora, debian_linux, firefox, thunderbird, edge_chromium, teams, webp_image_extension, libwebp, active_iq_unified_manager, seequent_leapfrog, honeyview
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
- Exploit added on
- Sep 13, 2023
- Exploit action due
- Oct 4, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
💭 Observation: CVE-2023-4863 (libwebp ≤1.3.2) exploit attempts rose 23% in Q1 2024 per CISA KEV, corroborated by GreyNoise's 2024-Q1 WebP Exploit Report showing 4,812 unique IPs targeting the flaw (up from 3,911 in Q4 2023). https://t.co/pFuqE06vIZ
@SnappedAI
24 Feb 2026
97 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Fixed an OOB write issue in BuildHuffmanTable This patch was created on September 7 (one day after Apple's report was published) and corresponds to CVE-2023-4863. Based on an initial review of the patch, we understand the following: 联系;https://t.co/wDnX4oehkh https://t.co/
@Handxy9wHr25l
10 Jan 2026
901 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-Day Nightmare: How to Harden Your Systems Against the Critical libwebp Vulnerability (#CVE-2023-4863) Before You’re Exploited + Video https://t.co/lkx1H0Xqii Educational Purposes!
@UndercodeUpdate
3 Jan 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chromium: CVE-2023-4863 Heap buffer overflow in WebP https://t.co/H1uV1WwJ4b #cybersecurity #SecQube
@SecQube
31 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2023-4863 - Google Chrome - HIGH 🚨 🗓️ Date published 2023-09-12 15:15:24 UTC #GoogleChrome #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/dLbUERNLYw
@vulns_space
10 Mar 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Your iPhone is a loaded gun. The WebP vulnerability (CVE-2023-4863) still lurks in 90% of Flutter apps—months after the patch dropped. You’re holding an open door to exploitation. Who’s watching your back? #BLASTPASS #iOS https://t.co/gOeHxlPnny
@geeknik
10 Nov 2024
90 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "856C1821-5D22-4A4E-859D-8F5305255AB7",
"versionEndExcluding": "116.0.5845.187",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "54B8855E-19B9-4D20-9B93-A5219F077335",
"versionEndExcluding": "102.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FBA8858E-AB6C-4708-820D-3F9D8D5A077F",
"versionEndExcluding": "117.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "6C494574-4187-4BC7-816B-6C1C288D711E",
"versionEndExcluding": "115.2.1",
"versionStartIncluding": "115.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A073724D-52BD-4426-B58D-7A8BD24B8F8E",
"versionEndExcluding": "102.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "952BEC0C-2DB0-476A-AF62-1269F8635B4A",
"versionEndExcluding": "115.2.2",
"versionStartIncluding": "115.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8F8BD1-1D13-4605-BF19-E4292E2D6A00",
"versionEndExcluding": "116.0.1938.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "11C16818-7453-46CB-89C2-2A4D4452A198",
"versionEndExcluding": "1.6.00.26463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*",
"matchCriteriaId": "46625A28-312D-4406-87AE-8A7C93222A45",
"versionEndExcluding": "1.6.00.26474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "201D3850-75A4-4CB4-A312-B01BF51C7C8A",
"versionEndExcluding": "1.0.62681.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2804DDE4-B0A4-4B7F-A318-F491B6316B34",
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD",
"versionEndExcluding": "2023.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D1BE06-A20B-43F3-B78D-21F2FF20026C",
"versionEndExcluding": "5.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]