Secure Code Warrior is aware that on the 11th Sep 2023, Google disclosed the libwebp vulnerability CVE 2023-4863. WebP is an open-source image format developed by Google. WebP enables higher quality images in smaller file sizes. The libwebp package, released by Google, encodes and decodes images in WebP format and is used widely across the internet for lossless image compression.
The image parsing library libwebp is the core of the recently identified CVE-2023-4863 heap buffer overflow vulnerability and zero-day exploit that impacts Google Chrome and other Chromium-based browsers for Windows, macOS, and Linux, as well as any software or web application that uses the libwebp library.
Secure Code Warrior has assessed its internal environment to understand the impact from the libwebp vulnerability. We can confirm the impact was very limited due to existing compensating controls we had in place. However, we have completed the patching of systems impacted by libwebp vulnerability.
We can confirm at this time there is no impact to the Secure Code Warrior learning platform, and we will continue to monitor the situation and will provide updates as necessary.