![](https://seccdn.libravatar.org/avatar/45b32d70292f07119b2f2263ba3ebcfe.jpg?s=120&d=mm&r=g)
I know, this is the openSUSE support board, but I would like to post this worrying article here. I would like to ask for appropriate forwarding... #libWebP: Well, this is getting better and better. Strictly speaking, the security vulnerability comes from Google itself. Google was alerted to it from outside, had not discovered it itself and initially misled the public by claiming that it would only affect the Chrome browser. A security researcher then also linked the vulnerability to another vulnerability that was proven to have been used to install the state Trojan Pegasus on iPhones. The tip to Google about WebP probably even came from Citizen Lab. Citizen Lab uncovered the whole espionage around NSO and Pegasus at that time. sources: [1] https://x.com/benhawkes/status/1704908473186791770?s=20 [2] https://www.heise.de/news/Unzaehlige-Anwendungen-betroffen-Chaos-bei-WebP-Lu... [3] https://blog.isosceles.com/the-webp-0day/ Kind regards M Be Free, Be Linux