
©2025 Poal.co


Source: https://archive.md/C88Al

Do not open external links that end with .webp

The attack vector can also be spread through a .webp file renamed as .jpg

If you are using Firefox (or a clone) you can disable webp support:

  • about:config >> image.http.accept, delete "image/webp"
  • about:config >> network.http.accept.default, delete "image/webp"
  • about:config >> set image.webp.enabled to FALSE

You can also use:

  • https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/

Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

(post is archived)
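
Because a .webp renamed as .jpg still reaches the WebP decoder, an upload or link filter has to decide by file content rather than by name. The following Python check is an added example, not code from the original post or from Poal; it identifies WebP by its RIFF/WEBP header, and the function names, decision strings and sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# First-chunk FourCC values defined by the WebP container format.
WEBP_CHUNKS = {b"VP8 ": "lossy", b"VP8L": "lossless", b"VP8X": "extended"}

def sniff_webp(data: bytes):
    """Return the WebP variant if data starts with a RIFF/WebP header, else None."""
    # Layout: 'RIFF' | uint32 LE size | 'WEBP' | first chunk FourCC
    if len(data) < 16 or data[0:4] != b"RIFF" or data[8:12] != b"WEBP":
        return None
    return WEBP_CHUNKS.get(data[12:16], "unknown-chunk")

def check_upload(filename: str, data: bytes) -> str:
    """Decide by content, so a renamed .webp is caught despite its extension."""
    variant = sniff_webp(data)
    ext = os.path.splitext(filename)[1].lower()
    if variant is None:
        # Content is not WebP; a .webp name on non-WebP bytes is still refused.
        return "reject: .webp extension" if ext == ".webp" else "allow"
    if ext != ".webp":
        return f"reject: WebP ({variant}) disguised as {ext or 'no extension'}"
    return f"reject: WebP ({variant})"

def make_webp_header(fourcc: bytes, payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample: a header-only RIFF/WebP byte string, not a real image."""
    chunk = fourcc + struct.pack("<I", len(payload)) + payload
    return b"RIFF" + struct.pack("<I", 4 + len(chunk)) + b"WEBP" + chunk

# Constructed samples (hypothetical names; no real files or payloads involved).
SAMPLES = {
    "cat.webp": make_webp_header(b"VP8L"),
    "cat.jpg": make_webp_header(b"VP8X"),  # WebP bytes under a .jpg name
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8,  # JPEG magic
    "sound.wav": b"RIFF" + struct.pack("<I", 36) + b"WAVEfmt " + b"\x00" * 8,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:10} -> {check_upload(name, blob)}")
```

The WAV sample shows why the check tests bytes 8 to 11 for `WEBP` and not just the leading `RIFF`: other RIFF formats share the same first four bytes.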

[–] 5 pts

I guess I'm a retard when it comes to this tech stuff. Would anyone care to explain this to non-techlords, or tell me who is at risk and what is the risk involved here?

[–] 0 pt

Or if the vulnerability fix would be available on non-Big Sur OS? Lots of people are still holding out updating to Big Sur because it's still kind of new and not as stable yet...

[–] 2 pts

Previous macOS versions should be immune (OS/Safari) since there's no webp/webm support.

The vulnerability resides in the browsers that support it.

[–] 0 pt

A webp image that contains a payload could execute some malicious code on the device it has been loaded on.

[–] 1 pt

And all we would have to do is just click the link? Is there any way to know if I have their malware on my PC?

[–] 1 pt

> And all we would have to do is just click the link?

That's correct. The image needs to be loaded (it probably won't even display anything) to execute its payload.

> Is there any way to know if I have their malware on my PC?

Malwarebytes, maybe?

I'm not using Windows outside a VM, so I'm not too concerned about it since I can restore a clean snapshot in seconds.