Statement on CVE-2023-4863 Heap Buffer Overflow in Libwebp in Google Chrome

November 28, 2023

Information

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Risk

Low

Response

Melissa Data Corporation (“Melissa”) was not impacted by the libwebp vulnerability. No Melissa commercial web services or products were impacted by this vulnerability. Use of the Chrome browser is extremely limited on Melissa’s production servers; if the browser is used, it is regularly updated. Additionally, all guidelines for assessing and mitigating the issue were followed.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.