Blog Security Research Guidance on the Recent Critical libwebp and libvpx Vulnerabilities Background \r\n Over the past few weeks, Google released updates to Google Chrome, which included fixes for CVE-2023-4863 and CVE-2023-5217 . Both vulnerabilities were discovered as zero-day vulnerabilities exploited in the wild, and the CVE entries were updated to broaden the scope from just Google Chrome to their underlying libraries — libwebp and libvpx. Both CVEs appear  in the CISA’s Known Exploited Vulnerabilities Catalog . \r\n In this blog post, we share the details of both vulnerabilities and provide recommendations for how to detect vulnerable applications in your network. As these vulnerabilities are undergoing continued research, this post may be updated in the future with further insights and guidance. \r\n"}}"> Background Over the past few weeks, Google released updates to Google Chrome, which included fixes for CVE-2023-4863 and CVE-2023-5217 .…