SentinelOne
CVE Vulnerability Database

CVE-2023-4863: Google Chrome libwebp Buffer Overflow

CVE-2023-4863 is a critical heap buffer overflow vulnerability in the libwebp library used by Google Chrome that lets remote attackers perform out-of-bounds memory writes. This article covers technical details, affected versions, and mitigation.

CVE-2023-4863 Overview

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability has been rated as high severity with a CVSS score of 8.8.

Critical Impact

This vulnerability allows for potential remote code execution through out-of-bounds memory access.

Affected Products

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge Chromium

Discovery Timeline

  • 2023-09-12 - Google releases security patch
  • 2023-09-12 - CVE-2023-4863 published to NVD
  • 2025-10-24 - Last updated in NVD database

Technical Details for CVE-2023-4863

Vulnerability Analysis

The vulnerability is a heap buffer overflow in libwebp, which is used within Google Chrome and other applications for parsing WebP images. The flaw allows a crafted HTML page to write data outside the allocated memory buffer, leading to potential execution of arbitrary code in the context of the affected application.

Root Cause

The root cause of this vulnerability is insufficient boundary checking when reading WebP image data.

Attack Vector

The attack vector is a maliciously crafted HTML page that triggers the overflow when it is opened in a vulnerable browser or another application that uses libwebp.

c
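// Generic illustration of an unchecked copy (sanitized); this is not libwebp code
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Copies input into a fixed 256-byte buffer without checking its length.
// The buffer here is a local array; the libwebp flaw affects a heap buffer.
void vulnerable_function(char *input) {
    char buffer[256];
    strcpy(buffer, input); // No boundary check: input longer than 255 bytes writes past buffer
}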

int main(int argc, char *argv[]) {
    if(argc > 1) {
        vulnerable_function(argv[1]);
    }
    return 0;
}
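
For contrast with the unchecked copy above, the following added example (not from the original page and not libwebp's code or its patch) shows the kind of boundary checking the Root Cause section refers to, applied to the RIFF container that wraps WebP data. It assumes the public WebP container layout (a 12-byte "RIFF"/size/"WEBP" header followed by chunks with a FourCC and a little-endian 32-bit size); the function name and sample bytes are constructed for illustration, and it does not reproduce the CVE-2023-4863 flaw.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian 32-bit read; the caller has already checked 4 bytes exist. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the chunks of a RIFF/WebP container. Returns the chunk count, or -1
 * as soon as a declared size would take the parser past the data it holds.
 * Strict by design: odd-sized payloads must carry their pad byte. */
int webp_count_chunks(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 12) return -1;            /* header is 12 bytes */
    if (memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WEBP", 4)) return -1;
    uint32_t riff_size = rd_le32(buf + 4);             /* bytes after offset 8 */
    if (riff_size < 4 || riff_size > len - 8) return -1; /* claims > received */
    size_t end = 8 + (size_t)riff_size, pos = 12;
    int count = 0;
    while (pos < end) {
        if (end - pos < 8) return -1;                  /* no room for a header */
        uint32_t csize = rd_le32(buf + pos + 4);       /* untrusted length */
        size_t avail = end - pos - 8;
        if (csize > avail) return -1;                  /* check before adding */
        size_t padded = (size_t)csize + (csize & 1u);
        if (padded > avail) return -1;                 /* pad byte is missing */
        pos += 8 + padded;
        count++;
    }
    return count;
}

/* Constructed samples (not decodable images): two well-formed chunks ... */
static const uint8_t sample_ok[] = {
    'R','I','F','F', 0x18,0,0,0, 'W','E','B','P',
    'V','P','8',' ', 0x03,0,0,0, 1,2,3,0,              /* 3 bytes + pad */
    'E','X','I','F', 0x00,0,0,0 };
/* ... and one chunk that declares 4096 payload bytes but supplies none. */
static const uint8_t sample_bad[] = {
    'R','I','F','F', 0x0C,0,0,0, 'W','E','B','P',
    'V','P','8',' ', 0x00,0x10,0,0 };

int main(void) {
    printf("ok=%d bad=%d\n", webp_count_chunks(sample_ok, sizeof sample_ok),
           webp_count_chunks(sample_bad, sizeof sample_bad));
    return 0;
}
```

Every length read from the file is compared against the bytes remaining before it is used in arithmetic or as an offset, so a declared size can never move the read position outside the buffer.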

Detection Methods for CVE-2023-4863

Indicators of Compromise

  • Unusual process behavior or crashes related to affected browsers
  • Network activity involving access to WebP images from untrusted sources
  • Memory dump analysis showing corrupted structures

Detection Strategies

Network and host-based intrusion detection systems should be configured to identify and alert on patterns consistent with exploitation attempts of libwebp vulnerabilities.

Monitoring Recommendations

Monitor for unexpected process terminations and analyze application crash dumps for evidence of memory corruption. Utilize endpoint protection solutions to identify anomalies in browser behavior.

How to Mitigate CVE-2023-4863

Immediate Actions Required

  • Update Google Chrome to version 116.0.5845.187 or later
  • Apply security patches to all affected systems
  • Restrict access to untrusted WebP content

Patch Information

Security patches have been released by Google, Mozilla, and Microsoft to address this issue. Users are strongly encouraged to update their software.

Workarounds

If patches cannot be applied immediately, consider disabling WebP content rendering in browsers or utilizing content filtering to restrict potentially harmful images.

bash
# Configuration example (placeholder)
# This only writes a marker file; it does not change how any application
# handles WebP. The actual setting depends on the application in use.
echo 'Disabling WebP support' > /etc/no-webp.conf

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
