WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2025 Poal.co

218

Source: https://archive.md/C88Al

Do not open external links that end with .webp

The attack vector can also be spread through a .webp file renamed as .jpg

If you are using FireFox (or a clone) you can disable webp support:

  • about:config >> image.http.accept, delete "image/webp"
  • about:config >> network.http.accept.default, delete "image/webp"
  • about:config >> set image.webp.enabled to FALSE

You can also use:

Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

Source: https://archive.md/C88Al ## Do not open external links that end with .webp The attack vector can also be spread through a .webp file renamed as .jpg If you are using FireFox (or a clone) you can disable webp support: * about:config >> image.http.accept, delete "image/webp" * about:config >> network.http.accept.default, delete "image/webp" * about:config >> set image.webp.enabled to FALSE You can also use: * https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/ ## Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (39).
[–] 0 pt

The attack vector can also be spread through a .webp file renamed as .jpg

I'm also a bit of a computer dummy. Are you saying that if the file is converted to jpeg format (using xnview or similar program) it can still contain the attack vector?

[–] 0 pt

Just replace the .webp extension to .jpg and the browser will still load it.

[–] 0 pt (edited )

Ok, I get it. It's spread through the browser by clicking on the link (so it doesn't matter what webp images I've saved from the internet). I just need to re-install my OS and disable webp support.

And of course there's no way to disable only webp support from webkit based browsers such as chromium or brave...

I guess everyone's stuck with firefox

[–] 0 pt

Better safe than sorry. That's why I use several VM for online and dev related stuff. Restoring a snapshot can easily fix that kind of issue in seconds (M.2 SSD).