Google Chrome might be the most popular internet browser on the planet, but no matter which browser you prefer, you should update it as soon as possible. On Wednesday, Stack Diary was among the first to report a security vulnerability impacting every top browser. As of Wednesday, Chrome, Firefox, Edge, Brave, and Tor have all rolled out patches for this dangerous bug, so if you haven’t already, be sure to install the update now.
After updating, your browser should be on the following version or higher:
- Chrome: 116.0.5845.187 for Mac and Linux, 116.0.5845.187/.188 for Windows
- Firefox: Firefox 117.0.1, Firefox ESR 102.15.1, Firefox ESR 115.2.1, Thunderbird 102.15.1, Thunderbird 115.2.2
- Edge: 116.0.1938.81
- Brave: 1.57.64
- Tor: 12.5.4
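To check a fleet against the list above, the following added example (not code from Stack Diary or any browser vendor) compares installed version strings with the patched floors, matching ESR and Thunderbird installs to the floor for their own branch. The product keys, the fallback to the highest floor when a major version is not listed, and the sample inventory are assumptions made for this example.

```python
import re

# Minimum patched versions, copied from the list above. Products with more
# than one supported branch (ESR, Thunderbird) carry one floor per branch.
# The product keys are names chosen for this example.
MIN_PATCHED = {
    "chrome": ["116.0.5845.187"],
    "firefox": ["117.0.1"],
    "firefox-esr": ["102.15.1", "115.2.1"],
    "thunderbird": ["102.15.1", "115.2.2"],
    "edge": ["116.0.1938.81"],
    "brave": ["1.57.64"],
    "tor": ["12.5.4"],
}

def parse_version(text):
    """Extract the first dotted version, e.g. from 'Google Chrome 116.0.5845.96'."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group().split("."))

def is_patched(product, version_text):
    """True if the installed version is at or above the floor for its branch."""
    installed = parse_version(version_text)
    floors = sorted(parse_version(v) for v in MIN_PATCHED[product])
    # Compare against the floor on the same major branch; if the installed
    # major is not listed, fall back to the highest floor (assumption).
    floor = next((f for f in floors if f[0] == installed[0]), floors[-1])
    # Pad to equal length so that 117.0 is compared as 117.0.0.
    width = max(len(installed), len(floor))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) >= pad(floor)

def needs_update(inventory):
    """Return the (host, product, version) rows below the patched floor."""
    return [row for row in inventory if not is_patched(row[1], row[2])]

# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("host-a", "chrome", "Google Chrome 116.0.5845.179"),
    ("host-b", "chrome", "116.0.5845.188"),
    ("host-c", "firefox-esr", "115.2.0"),
    ("host-d", "firefox-esr", "102.15.1"),
    ("host-e", "thunderbird", "115.2.1"),
    ("host-f", "firefox", "117.0"),
    ("host-g", "brave", "1.58.124"),
]
```

Calling `needs_update(SAMPLE_INVENTORY)` returns the rows that still need the update; note that an ESR 115.2.0 install is flagged even though it is numerically above the 102.15.1 floor.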
As Stack Diary explains, the vulnerability involves a heap buffer overflow in the WebP image format. Many browsers and other software use WebP to compress images. If a threat actor exploited a vulnerability in this image format, it would impact millions of users.
Stack Diary does a great job explaining heap buffer overflows if you’re curious, but all you really need to know is that these bugs can potentially allow attackers to take control of systems, steal data, or introduce malware that users will unknowingly download.
Keeping your software up to date is always important, but especially so for situations like this. Google reported that the vulnerability, which has been designated CVE-2023-4863, has an exploit in the wild. The longer you wait to update your browser, the more likely you are to become a victim of an attack. In other words: Don’t delay, update today!