Another day and another major CVE is uncovered. This is a nasty one. Libwebp is used to decode webp images, though not as popular as jpg, is still fairly common. The vulnerability has been fixed in the latest release.
The vulnerability is a heap buffer overflow in it’s compression algorithm in earlier versions of Chrome(prior to 116.0.5845.187). It also affects other software, such as, 1Password, Signal, Safari, Mozilla Firefox, Microsoft Edge, Opera, and the native Android web browsers.
See more details here.