GOSSIP USERS: SECURITY ALERT
There is an UNPATCHED vulnerability in libwebp that allows a malicious image to infect your computer. This affects gossip, as well as countless other programs.
Normally we wouldn't announce an active vulnerability until it is patched and there is a solution, but this news is already widespread.
Please go to your settings and uncheck "Render all media inline automatically". Only click to view media from people you trust.
We are working towards a better understanding of this, and a fix.
Please correspond with @Mike Dilger ☑️ as this account is only used for announcements and is not watched.
Related security alerts:
More info

NVD - CVE-2023-4863

Tenable®
CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities
Frequently asked questions relating to vulnerabilities in Apple, Google and the open source libwebp library.

Ars Technica
Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters
No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin.