!! PSA !! Update all your browsers and programs immediate...
2 years ago
There is a 0-day exploit that targets a library with how images are displayed. The exploit allows attackers to execute code on your computer and/or steal information from it simply by viewing an image in any affected program.
Affected programs include but are not limited to:
Chrome
Firefox
Edge
Opera
Brave
Discord
Slack
Skype
Twitch
And many more. You should all update all programs immediately and on all devices (desktop, phone, tablet, TV, etc.). This is a very easy-to-exploit bug, requiring only an image to be loaded. This could be from an embed on a website, or shown in a chat program. Downloaded images are also vectors. If there is *any* way that an image can be viewed in the program, it likely needs to be patched.
Patches have been released for the following programs and you should be on the versions listed at a minimum (if shown):
Google Chrome – Mac and Linux 116.0.5845.187 and Windows 116.0.5845.187/.188.
Mozilla – Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2
Brave Browser – version 1.57.64 (Chromium: 116.0.5845.188) [Android, iOS, Linux & Mac].
Microsoft Edge – versions 109.0.1518.140, 116.0.1938.81, and 117.0.2045.31.
Tor Browser – version 12.5.4.
Opera – version 102.0.4880.46.
Vivaldi – version 6.2.3105.47.
Bitwarden
LibreOffice
Suse
Ubuntu
LosslessCut
NixOS - Nix package manager
Credit to https://www.cyberkendra.com/2023/09.....e-for.html?m=1 for the above list.
Sources:
https://nvd.nist.gov/vuln/detail/CVE-2023-5129
https://stackdiary.com/critical-vul.....cve-2023-4863/
https://www.cyberkendra.com/2023/09.....e-for.html?m=1
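An added example, not part of the original post: a branch-aware check of installed versions against the minimum versions listed above. It shows why a plain "newer than any listed number" comparison misleads when a product has several patched branches (Edge, Firefox ESR, Thunderbird). The product labels, function names and sample inventory are constructed for this example, and programs the list gives no version for are reported as unknown.

```python
import re

# Minimum fixed builds copied from the list in the post. The keys are labels
# chosen for this example; one entry per maintained release branch.
PATCHED = {
    "chrome": ["116.0.5845.187"],
    "firefox": ["117.0.1"],
    "firefox-esr": ["102.15.1", "115.2.1"],
    "thunderbird": ["102.15.1", "115.2.2"],
    "brave": ["1.57.64"],
    "edge": ["109.0.1518.140", "116.0.1938.81", "117.0.2045.31"],
    "tor-browser": ["12.5.4"],
    "opera": ["102.0.4880.46"],
    "vivaldi": ["6.2.3105.47"],
}

def parse(version):
    """Turn '115.2.1esr' into (115, 2, 1); non-numeric suffixes are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def status(product, installed):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed version."""
    fixes = sorted(parse(v) for v in PATCHED.get(product, []))
    have = parse(installed)
    if not fixes or not have:
        return "unknown"
    # Compare only against the fix for the same release branch (major number).
    for fix in fixes:
        if fix[0] == have[0]:
            return "patched" if have >= fix else "vulnerable"
    # Assumption: a release line newer than every listed branch has the fix.
    if have[0] > fixes[-1][0]:
        return "patched"
    # Older or in-between branch with no fixed build listed in the post.
    return "vulnerable"

# Constructed sample inventory: (product label, installed version).
SAMPLE = [("edge", "116.0.1938.76"), ("edge", "109.0.1518.140"),
          ("firefox-esr", "115.2.1esr"), ("chrome", "115.0.5790.170"),
          ("discord", "1.0.9016")]

def audit(inventory):
    return [(p, v, status(p, v)) for p, v in inventory]

if __name__ == "__main__":
    for product, version, result in audit(SAMPLE):
        print(f"{product:12} {version:18} {result}")
```

The first sample row is the case to watch: Edge 116.0.1938.76 is numerically higher than the listed 109.0.1518.140 yet is below the fixed build for its own branch.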
Acey Drgn
~spyrofan1985
Oh geez... Thanks for letting us know!
SexyDragon201
~sexydragon201
Good lord...well time to see if my studs up to snuff
