Google quietly corrects previously submitted disclosure for critical webp 0-day
Enlarge (credit: Getty Images) Google has quietly resubmitted a disclosure of a critical code-execution vulnerability affecting thousands of individual apps and software frameworks after its previous submission left readers with the mistaken impression that the threat affected only the Chrome browser. The vulnerability originates in the libwebp code library, which Google created in 2010 for rendering images in webp, a then-new format that resulted in files that were up to 26 percent smaller than PNG images. Libwebp is incorporated into just about every app, operating system, or other code library that renders webp images, most notably the Electron framework used [...]