LibWebP Vulnerability

[Sofia Young]

Hello, my client was notified of a new vulnerability known as ‘LibWebP.’ Google has assigned a new CVE (Common Vulnerabilities and Exposures) identifier for a critical security flaw in the libwebp image library, which is used for rendering images in the WebP format.Our client is eager to proactively address this issue and it’s likely they’ll need to reach out to their SaaS vendors to determine if/how they’re impacted and what corrective action is being taken. Do we have any info we can provide for UA, GA4, BQ and LookerStudio? If not, can we guide them in the right direction to obtain this information? Thank you in advance!

[James Zern]

Hi,

On Fri, Oct 6, 2023 at 11:23 AM Sofia Young <sofia...@infotrustllc.com> wrote:

Hello, my client was notified of a new vulnerability known as ‘LibWebP.’ Google has assigned a new CVE (Common Vulnerabilities and Exposures) identifier for a critical security flaw in the libwebp image library, which is used for rendering images in the WebP format.Our client is eager to proactively address this issue and it’s likely they’ll need to reach out to their SaaS vendors to determine if/how they’re impacted and what corrective action is being taken. Do we have any info we can provide for UA, GA4, BQ and LookerStudio?

I'm not familiar with these products or whether they have any dependency on libwebp. The fix is available [1], so if you determine the products rely on the library they should be updated.

 

If not, can we guide them in the right direction to obtain this information? Thank you in advance!

[1] https://groups.google.com/a/webmproject.org/g/webp-discuss/c/YhVFA45DVfM/m/hS2jI_KFAwAJ