Google has issued a high-severity security alert
I wanted to notify you about a critical cybersecurity alert. This alert is so serious that Google has stamped it with their highest severity rating: a solid 10/10. In layman’s terms this newly discovered vulnerability (officially designated CVE-2023-5129) enables bad actors to execute unauthorized commands or access sensitive data by using maliciously crafted pages. But the bigger issue is that this vulnerability has been found in a software library known as libwebp—and libwebpis used by all kinds of software:1Password, Signal, Safari, Mozilla Firefox, Microsoft Edge, Opera, native Android web browsers, and more. So it is urgent that you identify and remediate this vulnerability wherever it exists in your environment. Please contact me right away if you have any questions about this issue and/or how you can most effectively protect your business from the significant and immediate danger it presents to you and your customers. We welcome the opportunity to assess your current exposure and remediate any vulnerabilities that may be putting you at risk.