Update on the WebP security vulnerability

Centric has taken action following recent reports of a security vulnerability in the libwebp image library, which is used to display images in the WebP format. Through this vulnerability, malicious actors could perform so-called out-of-bounds memory writes using crafted HTML pages. This type of attack can have severe consequences, from crashes to running arbitrary code and unauthorised access to sensitive information.

Update 2-10-2023 | 15:00

Centric's security team has taken the necessary steps to prevent the recently discovered vulnerability in the Libwebp image library from being exploited. As always, we continue to monitor our systems to ensure the security of data and applications. We are closing this update page and remain alert to any new developments. If necessary, we will inform our customers immediately.

Update 29-9-2023 | 15:00

So far, there are no indications that the WebP vulnerability has been exploited in any of our systems or services. As always, we are continuously scanning our network environment for any anomalies.

If new information becomes available, we will update this page.

Investigation launched

Centric's security team has launched an investigation to ensure maximum protection for Centric and our customers. This includes scanning all servers and applications for the presence of the WebP library and monitoring our systems. Currently there are no indications of abuse of this vulnerability.

We also monitor our suppliers for the availability of updates. Patches have been made available for many browsers and Linux distributions, which Centric is now rolling out to the various systems within our management.

Taking action yourself: updating software

To reduce the risks associated with this vulnerability, we recommend that our customers update systems and applications they manage themselves, and apply the latest security patches provided by the relevant software vendors. Updating software is an essential step in protecting information from this vulnerability.

The libwebp vulnerability is mainly found in:

  • Popular web browsers, including Chrome, Firefox, Microsoft Edge and Opera
  • Many Linux variants: Debian, Ubuntu, Alpine, Gentoo, SUSE
  • Numerous other applications, including Microsoft Teams, Slack, Discord, LibreOffice, 1Password, Telegram, Signal Desktop

More information?

Customers who have questions about the WebP vulnerability can contact Centric at security@centric.eu.