• Language chooser
    • USA (English)
    • France (Français)
    • Italy (Italiano)
    • Latin America (Español)
    • Brazil (Portugués)
    • Germany (Deutsch)
    • Korea (한국어)
    • Japan (Beta) (日本語)

Google Chromium WebP Vulnerability

Released: Oct 03, 2023

Updated: Oct 05, 2023

High Severity

Microsoft Windows, Apple macOS, Google Chrome, Microsoft Edge, Mozilla Firefox, Apple iOS Platform

Google Vendor

Vulnerability Type

Critical open source library flaw actively exploited

The Google Chromium WebP heap buffer overflow vulnerability has been actively been exploited in the wild. The exploitation of the vulnerability is through a crafted image that can impact the affected applications to crash or lead to arbritrary code execution. Learn More »

Common Vulnerabilities and Exposures



Google developed an open source library Libwebp for manipulating images in WebP format. The libary provides tools for encoding and decoding images that leads to a significant improvement in loading of web pages. The Libwebp library is built-in on Google Chromium that is consumed by popular applications such as Google Chrome, Microsoft Edge, Microsoft Teams, Mozilla Firefox and Mozilla Thunderbird.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Sept 06, 2023: The Chromium WebP vulnerability was reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School.

Sept 11, 2023: The Chromium team released the security advisory and fix.

Sept 13, 2023: CISA added Google Chromium WebP Vulnerability (CVE-2023-4863) to its Known Exploited Vulnerabilities Catalog.

Sept 27, 2023: FortiGuard Labs released a Threat Signal.

Oct 3, 2023: FortiGuard Labs has released an IPS signature to detect and block any attack attempts targeting to exploit the CVE-2023-4863 vulnerability. It is strongly advised to review vendor advisories and apply their mitigations and updates.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

  • Vulnerability

  • IPS

  • Web App Security

  • Outbreak Detection

  • Threat Hunting

  • Threat Hunting

  • Assisted Response Services

  • Automated Response

  • NOC/SOC Training

  • End-User Training

  • Attack Surface Hardening

  • Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

Indicators of compromise Indicators of compromise
IOC Threat Activity

Last 30 days


Avg 0