We have been made aware of a significant vulnerability with many web browsers and applications that has been identified and classified as severe and which requires immediate action. This vulnerability can allow threat actors to overwrite data, run malicious code or even gain unauthorised system access.

The first step would be to make sure that your web browser is up to date as most companies have already released patches specifically designed to mitigate for this issue. Links to instructions for updating are below:

Microsoft Edge: Microsoft Edge update settings - Microsoft Support

Google Chrome: Update Google Chrome - Computer - Google Chrome Help

Mozilla Firefox: Update Firefox to the latest release | Firefox Help (mozilla.org)

Mac OS: Update macOS on Mac – Apple Support (UK)

It is also worth noting that this bug is also affecting many cross-platform apps built on Electron and Flutter. These include apps such as the Affinity suite, Signal, 1Password (now patched) Thunderbird (now patched), GiMP, Inkscape, LibreOffice, ffmpeg, and many Android apps.

As always, the advice is to make sure all your applications and operating systems are fully up to date to mitigate against these types of vulnerabilities.

For more information on this vulnerability, and to read a beginner-friendly explanation of what it can do, check out the blog post from stackiary.com: Critical WebP bug: many apps, not just browsers, under threat

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).