FA+
Shop
UPDATE ON DISCORD SCENARIO PLEASE BE CAREFUL!
2 years ago
General
This si what was sent to me a moment ago from a freind, quoting someone they spoke to:
Courtesy of a programmer friend of mine:
everyone
"Alright fellow gamers, as the resident tech nerd I have a moral responsibility to inform the people of absolute bullshit going on the security field on the world
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
there's currently a breach inside most apps that run anything chromium based
that allows for out of bounds writing
(meaning hackers can DEADASS remotely control your PC if you get hit by it worse case scenario)
libwebp is THE library to process video on most current video playing able sites
the webp format is used due to it's great compression (it's what allows you to upload full movies onto to discord as you could see frequently in shitpost channels)
the library has a breach that can and will FUCK your shit up
SO TLDR
the breach allows people to remotely send instructions to your PC to have it do shit
DO NOT BY ANY MEANS NECESSARY OPEN ANY VIDEOS FROM THE FOLLOWING SITES
Discord, YT Music, WhatsApp, Joplin and GITHUB
the full list of apps with the aforementioned breach is here:
https://gist.github.com/mttaggart/0.....43c3032dd2e7ec
Should also mention, if you update Discord to the latest version you should be fine **however** if a video doesn't play on discord, don't try to open in browser because everything else is still vulnerable.
This whole thing is probably also causing the current Cloudflare outage and people getting blocked in Discord browser."
Courtesy of a programmer friend of mine:
everyone
"Alright fellow gamers, as the resident tech nerd I have a moral responsibility to inform the people of absolute bullshit going on the security field on the world
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
there's currently a breach inside most apps that run anything chromium based
that allows for out of bounds writing
(meaning hackers can DEADASS remotely control your PC if you get hit by it worse case scenario)
libwebp is THE library to process video on most current video playing able sites
the webp format is used due to it's great compression (it's what allows you to upload full movies onto to discord as you could see frequently in shitpost channels)
the library has a breach that can and will FUCK your shit up
SO TLDR
the breach allows people to remotely send instructions to your PC to have it do shit
DO NOT BY ANY MEANS NECESSARY OPEN ANY VIDEOS FROM THE FOLLOWING SITES
Discord, YT Music, WhatsApp, Joplin and GITHUB
the full list of apps with the aforementioned breach is here:
https://gist.github.com/mttaggart/0.....43c3032dd2e7ec
Should also mention, if you update Discord to the latest version you should be fine **however** if a video doesn't play on discord, don't try to open in browser because everything else is still vulnerable.
This whole thing is probably also causing the current Cloudflare outage and people getting blocked in Discord browser."
Nevertheless thanks for the heads up
This particular CVE has been first documented since the 13th September, and as far as things have been with this, it's been resolved and fixed with a zero-day vulnerability patch. Link to article about it here: https://www.helpnetsecurity.com/202.....cve-2023-5129/
and here's another because I like to provide sources for my info: https://arstechnica.com/security/20.....al-webp-0-day/
Only thing I can really just advise is to act with common sense: don't click on random links, keep your computer and software up to date, and if you receive a random link for something from a random stranger, just don't click it. :)
In regards to Discord being down for PC clients and Cloudflare outage, this is simply down to server issues. At 07:10PDT, a fix was implemented, and at 8:05PDT, they announced the incident had been resolved.
Link to that info can be found here: https://discordstatus.com/