- Description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- Source: chrome-cve-admin@google.com
- NVD status: Analyzed
- Products: chrome, fedora, debian_linux, firefox, thunderbird, edge_chromium, teams, webp_image_extension, libwebp, active_iq_unified_manager, seequent_leapfrog, honeyview
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
- Exploit added on: Sep 13, 2023
- Exploit action due: Oct 4, 2023
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
🚨 CVE-2023-4863 -> Critical WebP Heap Buffer Overflow A dangerous image rendering vulnerability that hits where it hurts—right in the browser. This critical flaw is your gateway to RCE (Remote Code Execution) with just a single malicious image. Let's dive in! **How it w
@Code2Shell
7 Apr 2026
🚨 CVE-2023-4863 -> Remote Code Execution A critical vulnerability lurking in the versions of popular instant messaging apps software. Bad actors are leveraging this flaw to launch code execution attacks, putting your data at risk! Here's the scoop: **How it Works:** - htt
@Code2Shell
6 Apr 2026
🚨 CVE-2023-4863 -> Out-of-Bounds Write in WebP A critical flaw in the popular WebP image format library allows attackers to crash apps or execute arbitrary code. This vulnerability has hit several major platforms, causing a security frenzy. **How it works:** - **Vulnerabi
@Code2Shell
5 Apr 2026
🚨 CVE-2023-4863 -> Remote Code Execution via Image Parsing A critical issue lurking in the heart of WebP library, affecting browsers and image processing apps. 🖼️🔓 How it works: - Discovered in Google Chrome’s WebP image format parser. - Exploits a buffer overfl
@Code2Shell
5 Apr 2026
Exploiting CVE-2023-4863, a libwebp heap overflow. It uses a "race within a race" to overwrite freed memory. This enables arbitrary write and RCE. Stay ahead of attackers. Follow for daily updates. https://t.co/kyzPtZBQ1x
@cybrmaker
12 Mar 2026
💭 Observation: CVE-2023-4863 (libwebp ≤1.3.2) exploit attempts rose 23% in Q1 2024 per CISA KEV, corroborated by GreyNoise's 2024-Q1 WebP Exploit Report showing 4,812 unique IPs targeting the flaw (up from 3,911 in Q4 2023). https://t.co/pFuqE06vIZ
@SnappedAI
24 Feb 2026
Fixed an OOB write issue in BuildHuffmanTable This patch was created on September 7 (one day after Apple's report was published) and corresponds to CVE-2023-4863. Based on an initial review of the patch, we understand the following: Contact: https://t.co/wDnX4oehkh https://t.co/
@Handxy9wHr25l
10 Jan 2026
🚨 Zero-Day Nightmare: How to Harden Your Systems Against the Critical libwebp Vulnerability (#CVE-2023-4863) Before You’re Exploited + Video https://t.co/lkx1H0Xqii Educational Purposes!
@UndercodeUpdate
3 Jan 2026
Chromium: CVE-2023-4863 Heap buffer overflow in WebP https://t.co/H1uV1WwJ4b #cybersecurity #SecQube
@SecQube
31 Oct 2025
CVE-2023-4863 - Google Chrome - HIGH 🚨 🗓️ Date published 2023-09-12 15:15:24 UTC #GoogleChrome #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/dLbUERNLYw
@vulns_space
10 Mar 2025
Your iPhone is a loaded gun. The WebP vulnerability (CVE-2023-4863) still lurks in 90% of Flutter apps—months after the patch dropped. You’re holding an open door to exploitation. Who’s watching your back? #BLASTPASS #iOS https://t.co/gOeHxlPnny
@geeknik
10 Nov 2024
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "856C1821-5D22-4A4E-859D-8F5305255AB7",
"versionEndExcluding": "116.0.5845.187",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "54B8855E-19B9-4D20-9B93-A5219F077335",
"versionEndExcluding": "102.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FBA8858E-AB6C-4708-820D-3F9D8D5A077F",
"versionEndExcluding": "117.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "6C494574-4187-4BC7-816B-6C1C288D711E",
"versionEndExcluding": "115.2.1",
"versionStartIncluding": "115.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A073724D-52BD-4426-B58D-7A8BD24B8F8E",
"versionEndExcluding": "102.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "952BEC0C-2DB0-476A-AF62-1269F8635B4A",
"versionEndExcluding": "115.2.2",
"versionStartIncluding": "115.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8F8BD1-1D13-4605-BF19-E4292E2D6A00",
"versionEndExcluding": "116.0.1938.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "11C16818-7453-46CB-89C2-2A4D4452A198",
"versionEndExcluding": "1.6.00.26463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*",
"matchCriteriaId": "46625A28-312D-4406-87AE-8A7C93222A45",
"versionEndExcluding": "1.6.00.26474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "201D3850-75A4-4CB4-A312-B01BF51C7C8A",
"versionEndExcluding": "1.0.62681.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2804DDE4-B0A4-4B7F-A318-F491B6316B34",
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD",
"versionEndExcluding": "2023.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D1BE06-A20B-43F3-B78D-21F2FF20026C",
"versionEndExcluding": "5.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]