top of page

THREAT ALERT: New vulnerability announced on web browsers

What’s the problem?

The Eastern Cyber Resilience Centre has recently been made aware of a significant vulnerability with many web browsers and applications that has been identified and classified as severe. This requires immediate action. This vulnerability can allow threat actors to overwrite data, run malicious code or even gain unauthorised system access.

laptop with warning sign and text reading threat alert

What do I do now?

The first step would be to make sure that your web browser is up to date as most companies have already released patches specifically designed to mitigate for this issue. Links to instructions for updating are below:



Is there anything else I need to know?

It is also worth noting that this bug is also affecting many cross-platform apps built on Electron and Flutter. These include apps such as the Affinity suite, Signal, 1Password (now patched) Thunderbird (now patched), GiMP, Inkscape, LibreOffice, ffmpeg, and many Android apps. As always, the advice is to make sure all your applications and operating systems are fully up to date to mitigate against these types of vulnerabilities.


For more information on this vulnerability and a beginner friendly explanation of what it can do you can consult the following blog post: Critical WebP bug: many apps, not just browsers, under threat (stackdiary.com).


How do I get these critical notifications in the future?

The ECRC is a police- led organisation that can help you with identifying your cyber vulnerabilities and how to fix them. At this stage we would advise you to do three things now.

  1. Join our free community membership and you will be supported through implementing the changes you need to make to protect your business and your customers.

  2. For all organisations in the Eastern region we would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. As a free member we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you to one of our Cyber Essentials Partners – all regionally based cyber security companies that can help you become accredited.

  3. We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.

Reporting Cyber Crime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online.

Forward suspicious emails to report@phishing.gov.uk.

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page