This image Can Hack You (The .webp Exploit)

  • Published: 11 Sep 2024

Comments • 672

  • @MundanityInsantiy 11 months ago +1213

    Memes have never been more dangerous

    • @HunterHogan 11 months ago +16

      You obviously didn't experience The Hamster Dance.

    • @blackneos940 11 months ago +7

      @HunterHogan Open the gate, take it off its hinges. Just give PSAs about Goatse Caramels...

    • @sleepyyui 11 months ago +2

      lmao

    • @dennis8196 11 months ago +12

      Don't underestimate the power of Rick Astley.

    • @williambrasky3891 11 months ago +5

      Listen, unless we can do an OTA update to patch our parents against racist memes they see on Facebook, memes have always been more dangerous. (And if we can, how? Pls tell me, pls. I beg of you).

  • @TheOfficialOriginalChad 11 months ago +1695

    Google makes an image format…and it becomes an exploit for every single piece of software that uses it. Phenomenal.

    • @Bigfoot_With_Internet_Access 11 months ago +128

      Big tech moment

    • @cph101dev 11 months ago +59

      Well that’s google for you

    • @c0d1ngclips25 11 months ago +123

      what comes next? registering a .zip tld?

    • @iUUkk 11 months ago +77

      It's already been proven that some software has backdoors that are disguised as exploits. I wouldn't be surprised if this was one of those.

    • @c0d1ngclips25 11 months ago +14

      @iUUkk no doubt, but do you have official sources on that?

  • @Daniel-be6cj 11 months ago +577

    It sucks that this happened but on the other hand I'm glad my longstanding hatred of webp continues to be justified

    • @Mantellla 11 months ago +2

      real

    • @kakyoindonut3213 11 months ago +61

      There's actually no valid reason webp exists other than to annoy people who download images from the web

    • @-BigChungus 11 months ago +38

      I have a chrome extension that automatically converts webps to jpgs and pngs, it’s actually really useful

    • @macchiato_1881 11 months ago

      @-BigChungus anyone with half a brain can go to a website to convert file formats. You're not that unique.

    • @akioasakura3624 11 months ago +2

      1000% agreed brother

  • @VirtualOA 11 months ago +314

    Webp files are the bane of my existence when I want a PNG file. Glad to know that there was a massive security issue with it.

    • @ButcherTTV 11 months ago +18

      #endwebp

    • @oliverz321 11 months ago +15

      there are some chrome extensions that allow you to convert webp to PNG before you download it

    • @laurens2562 11 months ago

      @oliverz321 you can just rename any .webp file to a .png and it works. might also work with webp to other extensions but i'm not sure

    • @InnerEagle 11 months ago +9

      when I see a webp I automatically get pissed off
      Even though I've been on the internet since 1997, I've never had the necessity of working with webp, so can we let that format die?

    • @phygs 10 months ago

      plenty of those for PNG too

  • @skylarkblue1 11 months ago +444

    For what it's worth, discord was never vulnerable due to multiple reasons. This was also likely true for multiple of the named programs. People just saw webp and panicked without doing any research other than "is the file type there? then it's vulnerable". Not to mention the ones that were vulnerable mostly all got patched before the chaos started anyway.

    • @internet_userr 11 months ago +22

      I'm not reading that

    • @internet_userr 11 months ago +138

      Alright I read it

    • @ianthehunter3532 11 months ago +15

      @internet_userr you that read wrong

    • @kevinbissinger 11 months ago

      @internet_userr name checks out

    • @erikedlund2904 11 months ago +10

      You and discord should get a room

  • @XxTWMLxX 11 months ago +35

    Google makes an image format.... It's used for malware... Google makes a domain "zip" and it's used for malware.... Google is on a roll lol

    • @harleyspeedthrust4013 11 months ago +1

      they're not very smart over at google - i think it's time that faang becomes faan, or fana, or whatever i don't really care. all i know is that google is full of idiots especially at the higher levels

  • @btarg1 11 months ago +212

    Damn it's always the NSO Group. I have to say as cool as this is, I hate the NSO with a burning passion, I was hoping it would be some hobbyist security geek who came up with this :(

    • @dennis8196 11 months ago +84

      To be fair, it probably was, and they sold it to the NSO who then claimed credit for it, plausible deniability for the finder and more money than the bug bounty that it might have been eligible for.

    • @richardlyman2961 11 months ago

      @dennis8196 Bug bounties are a fucking joke, who would turn in a bug for 10k when you would sell it to Russians for 500

    • @ShadowEclipse777 11 months ago

      @dennis8196 that would make a lot of sense

    • @blisphul8084 11 months ago +3

      At least NSO group is helping expose the vulnerabilities sooner rather than later.

    • @Lewisking50 11 months ago +3

      qrd? what's the problem with NSO group?

  • @Ceereeal 11 months ago +36

    How can Google make a photo file format and not even make it compatible with their OWN APPLICATIONS

  • @lavavex 11 months ago +56

    I would totally get hacked by that image in the thumbnail tbh

    • @NorthernChimp 11 months ago +4

      It hacked my brain on see.

  • @yeetyeet7070 11 months ago +14

    The lack of a heads-up by Apple and Google (both PR/SM-partners) isn't suspicious at all.

  • @asdfghyter 11 months ago +149

    it’s 2023 and we’re still getting new buffer overflow bugs in major software. you would’ve thought that we had done something systematic about it by now, but no. “i’m clever enough, so it’s fine for me to write this software in a memory unsafe language and not use any static analysis tools to verify this” still seems to be a prevalent mindset and people still trust people who do that for some reason

    • @Gramini 11 months ago +19

      There's a programming language that aims to prevent most memory unsafety bugs; it's somewhat new but it constantly grows in popularity. To my knowledge, the Rust library for decoding webp was not affected :)

    • @asdfghyter 11 months ago +20

      @Gramini yep, i assumed as much. i was explicitly thinking about rust when writing this comment.
      most programming languages are memory safe, but they also use a garbage collector, making them less well suited for high performance libraries like an image format codec, so rust would clearly be the best fit

    • @nicholasvinen 11 months ago +11

      The practices required to avoid this kind of bug (and related crashes) in languages like C are not difficult to implement.

    • @shardnugget 11 months ago +2

      Bro's not a coder

    • @asdfghyter 11 months ago +2

      @shardnugget who is not a coder?

  • @exosfear512 11 months ago +18

    Also there is the objectively superior format jxl, which is royalty free and backwards compatible but Google being Google decided to drop support for it for chrome because it's their anticompetitive practices. Don't be evil.

    • @legendaryra3590 11 months ago +1

      What about AVIF which has better compression than WebP and is also royalty free? AVIF is also supported on chrome

  • @interstellarsurfer 11 months ago +187

    Google giving birth to another exploit? No way. 🤣

    • @DudeSoWin 11 months ago +35

      Can we stop using new file formats that offer no advantage except a free backdoor?

    • @Proferk 11 months ago

      Stop blaming google for everything... Software is bound to have vulnerabilities. No matter if it's made by Google or by Joe.
      They didn't "give birth" to it. It was found by someone auditing the code.

    • @ギコ 11 months ago +5

      @DudeSoWin the only good thing with webp is that it's better for storage

    • @Entropy67 11 months ago +12

      @DudeSoWin from what I can tell there are advantages though

    • @vaisakhkm783 11 months ago +3

      In reality, google's products are most secure in the world... actually security is a joke in most MNCs
      especially when MNCs are deploying college freshers to critical production environment for saving money, what else to expect....

  • @joez.2794 11 months ago +85

    Images running code. Something nobody asked for, wanted, or needed. Why do I get the impression security is never going to get any better?

    • @Gramini 11 months ago +25

      It's not like that was a feature or anything. It was just a (critical) bug in a library that decoded the format, that could lead to code smuggling/code execution.

    • @apache937 11 months ago +14

      everything needs to be fully sandboxed, viewing image on discord should NEVER be able to breach outside of discord. the security of our systems is a joke @Gramini

    • @somexne 11 months ago +5

      It's not like that. It's on the decompression mechanism. It's a totally fine image, and the display of it doesn't kill, but some buffer of IoP there has code that escapes the permitted and then gets executed. I agree with both commenters above me tho, although this would not suffice, as there are jailbreaks for a reason. They would exploit the decoder and then the venv. That's why even VirtualBox and other venvs are not 100% secure. There are malware that search for venvs to break or yeet itself.

    • @battokizu 11 months ago

      @apache937 webapps have been a disaster for the human race. You use discord you are using their spyware. No one's to blame but yourself.

    • @NinjaRunningWild 11 months ago

      @apache937 because corporations keep “kitchen sinking” everything they get their hands on. “Let’s make a new platform, but make it more vulnerable to attack. What could go wrong?”

  • @ImInSpainWithoutTheS 11 months ago +33

    my reason for hating webp is because I use blender, and when I need to import reference images, they're just not supported at all. PNG is far better in this case

    • @ali32bit42 11 months ago +1

      use image paste. it's a life saver

    • @nullvoid3545 11 months ago +2

      JpegXL ftw!!!

  • @AyySorento 11 months ago +43

    Me with thousands of .webp images saved on my computer: *gulp*

    • @MyDarkKnightRisesWhenISeeU 11 months ago +8

      Honest question: Why do you have them saved as .webp? Has this any advantage? I always hate it, when i want to download an image and it's .webp ^^

    • @AyySorento 11 months ago

      @MyDarkKnightRisesWhenISeeU Many websites now, such as Reddit, only give that format. So if you try to download an image, that might be your only option. Sites like Twitter are starting as well. Whenever and however possible, I do try to avoid it but it's starting to become a point where it's the only option. Truthfully, the low file size does greatly help storage space on servers/networks, but the quality takes a hit. If I really care, I'll find a way. If it's just something to save, I could care less.

    • @GeometricPidgeon 11 months ago

      @MyDarkKnightRisesWhenISeeU watch the video.

    • @mgord9518 11 months ago +6

      @MyDarkKnightRisesWhenISeeU They're a lot smaller than the 30 year old formats it intends to replace

    • @lifeai1889 11 months ago +1

      @MyDarkKnightRisesWhenISeeU yeah same because I can't resend it then

  • @Tar9989 11 months ago +113

    Yet again google ruins everything.

  • @solidacid1337 11 months ago +109

    It took me 10 minutes to be able to even view this video.
    Thanks YouTube, for FORCING me to view all of those scam and/or gambling ads.
    I really wish there was a comparable alternative. Until there is, I guess I'll just have to go on without watching videos on YouTube.
    I HOPE that YouTube's anti-adblocking ends up killing the platform.
    Ads are EVERYWHERE, in stores, on the streets, at bus stops, on TV, in every single app.
    I'm ALREADY paying for contacts to even be able to see, why the F do I have to pay AGAIN to be able to see stuff without ads?!
    YouTube reported 29.2 BILLION dollars of revenue last year. Forcing ads on us and blocking people with adblockers is just forking GREEDY.
    If YouTube wants me to buy "Premium", at least make it worth the money! $13.99 a month, just to not constantly be exposed to scam and gambling (same thing) ads is ridiculous!
    At LEAST give me something of value for that money.

    • @Seytonic 11 months ago +53

      I am on lbry :)

    • @solidacid1337 11 months ago +11

      @Seytonic hadn’t heard about it until now! Great to know I can view your awesome content somewhere else!
      I love your videos man!
      Keep doing what you do, you’re awesome!

    • @its_herocast276 11 months ago +7

      Can't believe you don't know Rumble

    • @NorthernChimp 11 months ago +6

      Forcing? You can skip the ads after 5 seconds. And if you wait 30 seconds before skipping, the YouTuber will get their money even without you watching the whole ad.

    • @impyrobot 11 months ago

      uBlock Origin on browser and revanced on android, both completely free and open source. I've not seen a YouTube ad in years.

  • @anuamba 11 months ago +2

    Beluga being the center of the problem 😂😂😂😂

  • @DamianAI9 11 months ago +11

    I love that you used the Cat as an Example XD

  • @SlinkyD 11 months ago +6

    3:50
    Rust on a buffer overflow vulnerability list.
    When safe ain't safe, just be careful. 🤣🤣🙃

    • @Gramini 11 months ago +1

      Was curious about that as well. Given that the text about it mentions "the vulnerable library" I guess it's just Rust bindings to the C-library libwebp. There's also a pure Rust library for webp.

    • @SlinkyD 11 months ago

      @Gramini Apple & Google was mum about it. They cutting edge corps. that like to hide their faults. Not a stretch to think it was the actual Rust lib since their logo was up with the others. They'll sue devs for wrong colors, they'll sue that site for libel & whatever else if it wasn't true.
      Oxidized brains won't shut up about Rust until they see something like that. And they squirm inside their soul when they see an oxidized program segfault.

    • @corinnarust 11 months ago +2

      As a Rust developer, I'm kind of confused, it should not be possible unless using unsafe Rust or C bindings (which are also unsafe)

    • @SlinkyD 11 months ago +1

      I ain't a dev just to be clear. I just know from what I've experienced, it "shouldn't" be on the list like it is. That list seemed specific to me. Also, I acknowledge there are missing details & ambiguity to the problem being in "safe" Rust specifically.
      I saw it, my brain giggled, then I wrote 🤷🏿‍♂️

  • @Bigfoot_With_Internet_Access 11 months ago +11

    If you're on windows you can open webp images in paint and then save it as a normal image btw

    • @Rudxain 11 months ago

      Doesn't that trigger the exploit too? (I mean loading and parsing the WEBP into MSP memory)

    • @akurasubject9617 11 months ago

      @Rudxain i don't think so because only thing paint can do is view and edit images and nothing else.

    • @hlw2499 11 months ago

      @akurasubject9617 The problem is exactly that. The exploit allowed the hacker to insert malicious code into the software reading the image, and making it do things it wasn't supposed to do, like installing a malware.

  • @m-man 11 months ago +5

    hey i emailed seytonic about this webp exploit Fri, Sep 29! no way!

  • @beastfr0meast93 11 months ago +59

    that exploit has been around for a looooong time 😂

    • @distortions 11 months ago +7

      Well yeah..

    • @featheroml 11 months ago +5

      Yes? Do you not know what a zero day is?

    • @beastfr0meast93 11 months ago +1

      @featheroml dude - yes. Zero days, that the bug is known(public).
      This has been known public

    • @Gottrolledbythebest485 11 months ago

      Like 10-9 months

    • @Gottrolledbythebest485 11 months ago

      @beastfr0meast93 no zero day means the company that makes the software ex Google is oblivious to the fact that the bug exists.

  • @Saphintosh 11 months ago +81

    I swear to god, the only utility of the webp format is to give work to do to people developing websites to convert them

    • @anon_y_mousse 11 months ago +25

      That's one of the reasons I hate them so vehemently. If you're not converting a lossless or much higher quality image to webp, then you're losing image quality to convert instead of just using what you already have. Far too many people don't seem to understand this and all the webp images I've found had a lower quality image because of it.

    • @shapelessed 11 months ago

      @anon_y_mousse And yet webp is getting more traction simply because being able to decrease the average size of an image by 10-15% over other formats is potentially millions worth of savings. The most expensive thing for a website or a service is literally bandwidth.

    • @Gramini 11 months ago +8

      Apart from reducing file size by around 60%, saving massively on storage and transmission size/cost/time.

    • @hiperion_1416 11 months ago +11

      and to make the web loading time on cellular data 50% faster, that's the main reason it was developed

    • @anon_y_mousse 11 months ago +5

      @Gramini And to point it out again, if it's not an original image that will lose image quality.

  • @X1ZR 11 months ago +6

    The internet can be a scary place...

    • @shapelessed 11 months ago +2

      As a web dev I can with 100% certainty tell you - Yes, it god damn is. Just deep dive into some open-source analytics and tracking software, then realise closed-source big-tech solutions are even worse.

  • @CyanicCore 10 months ago +1

    Well this is (once again) terrifying.

  • @c-LAW 11 months ago +16

    2:13 "Pegasus can track your location, read your messages and call logs, and activate your microphone and camera..." Isn't this what apple and google does anyway? and every app installed on these OS's?

    • @H0mework 11 months ago +11

      So can your mom if you don't get the point.

    • @retro-porygon 11 months ago +9

      Yes. Difference is, Google and Apple hand your data to advertisers. Pegasus hands your data to authoritarian governments.
      One is far more worrisome than the other if you are a journalist, researcher, activist or express any political dissent.

    • @turolretar 11 months ago

      Exactly, like I’ve got nothing to hide bozos, so you can spy on me with your little camera like a creepy ass dude if you want

    • @Ulysees31 11 months ago

      @retro-porygon I agree. Advertisers can be relentless.

    • @fluf201playz 11 months ago +6

      @retro-porygon they do give it to governments if they request it stop talking your bs

  • @Lupinicus1664 11 months ago +7

    Another excellent video. Nice work 👍

  • @Jondo-ik7nv 11 months ago

    Watched your ad purely because you put it at the end. Thank you for that.

  • @TobiCooki 11 months ago +10

    ah the good times of webp's crashing your discord app

    • @ryshellso526 11 months ago +2

      Discord is cancer anyway...

  • @xDMG15x 11 months ago +18

    Wait… you had .webp > png but the thing you mentioned was that they support transparency, like png. Why is it better than png?
    Also, every image format has better compression than jpeg

    • @alfie67 11 months ago +21

      webP has better compression + smaller file size with same image quality

    • @8BitShadow 11 months ago +8

      because it also supports animation. Which APNG already does, it's just not very well implemented.

    • @sabersz 11 months ago

      Webp is still dogshit. Every time I download an image and it turns out to be a webp i want to throw my computer through Google HQ's doors

    • @xDMG15x 11 months ago +19

      @alfie67 png has lossless compression. The animation answer makes sense though

    • @gljames24 11 months ago +6

      @alfie67 So does JXL while being better in every other category as well.

  • @poncowow9847 11 months ago +4

    That's cruel how could they hack people with beluga cat image? Did they stop using those xxxx site?

  • @xDMG15x 11 months ago +9

    So is it zero click? Or would the user be required to actually add a random pass to their wallet sent from a random person?

    • @Gramini 11 months ago +1

      IIRC the prepared image just needs to be decoded. So it depends on the targeted app if it requires a click/action for the image to show or not.

    • @xDMG15x 11 months ago

      @Gramini copy that, thank you. By the looks of the screenshot in the video the cat pic didn't appear in the imessage preview of the pass

  • @MostlyMobiles 11 months ago +30

    Beluga is trying to hack you 😂

    • @LeftyPencil 11 months ago +2

      I had to double take at the channel lol

    • @user-tn3gt8fj7c 11 months ago +4

      Hecker took the channel 💀

    • @richie0099 11 months ago +1

      I’m sure he was just trying to send his picture directly to a girl’s iPhone and it turned into a malware for all phones

  • @weshuiz1325 11 months ago +8

    Discord already patched it btw

  • @myhandleiswhat 11 months ago +4

    Outside of a web browser I still can't view animated webp files. Conversion sites cause the file to bloat up as well. So it's still a basically useless format.

    • @128Gigabytes 11 months ago +1

      they aren't bloating up, webp had them compressed

    • @myhandleiswhat 11 months ago

      @128Gigabytes if I didn't have to convert them to view/send them animated they wouldn't bloat up.

  • @DarkLink606 11 months ago +152

    Never waste the chance of turning a crisis into an opportunity: time for devs to deprecate the most annoying file format for good in all platforms. It's a security threat.
    If the malware turns out not to be exclusive to webp, at least we get rid of webp, that is something.

    • @sungiant2000 11 months ago +23

      What's wrong with webp? Aside from the vulnerability of course (since it is patched on most platforms now). Seems a little silly to move back to more inefficient formats. It's not like webp is a closed standard.

    • @Meck5531 11 months ago +4

      The future is AVIF, an AV1 product

    • @Stahl_und_Eisen 11 months ago +14

      Bro hating on webp kinda cringe

    • @Gramini 11 months ago +14

      Yes, please get rid of gif, it's so annoying to deal with. But I wouldn't call it a security threat.
      If you watched the video you'd know that the problem was not webp, but libwebp, a somewhat common library to decode such images. The format itself is perfectly fine.

    • @mgord9518 11 months ago

      @Meck5531 Avif will probably be overshadowed by jxl. Jxl is faster at en/decoding, retains better quality, supports progressive loading and gets better compression ratios
      Jxl > avif > webp > png, jpeg, gif

  • @Sparkette 11 months ago +4

    Google Voice doesn't support them either. I use it for texting from my computer and it's annoying having to convert webp images to png.

  • @HikaruAkitsuki 11 months ago +10

    For both WordPress, Nodejs and Ruby on Rails developers, this is kinda concerning. But if we do not allow the webp format on user post systems, maybe it will be fine for a while.
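
The mitigation raised in the comment above (not accepting WebP on a user-upload path) only holds if the check looks at the file's bytes rather than its name, since a renamed `.webp` is reported elsewhere in this thread to still open. The following is an added example, not code from the video or from any commenter: a Python upload filter that identifies images by their leading bytes. The names `sniff`, `webp_chunks`, `check_upload` and `make_webp` are hypothetical, and the sample bytes are constructed.

```python
import os
import struct

# Leading-byte signatures for the formats a (hypothetical) upload endpoint accepts.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSIONS = {
    "png": {".png"},
    "jpeg": {".jpg", ".jpeg"},
    "gif": {".gif"},
    "webp": {".webp"},
}


def sniff(data: bytes):
    """Identify an image by its leading bytes; return a format name or None."""
    # WebP is a RIFF container: 'RIFF' + uint32 little-endian size + 'WEBP'.
    if len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    for name, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return name
    return None


def webp_chunks(data: bytes):
    """List (fourcc, size) for each top-level chunk of a WebP file.

    Raises ValueError when a chunk claims more bytes than the file holds.
    """
    if sniff(data) != "webp":
        raise ValueError("not a WebP container")
    chunks, pos = [], 12
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        fourcc, size = struct.unpack_from("<4sI", data, pos)
        if pos + 8 + size > len(data):
            raise ValueError("chunk size exceeds file length")
        chunks.append((fourcc.decode("ascii", "replace"), size))
        pos += 8 + size + (size & 1)  # chunk payloads are padded to even length
    return chunks


def check_upload(filename: str, data: bytes, allow_webp: bool = False):
    """Return (accepted, reason_or_format) for an uploaded file."""
    kind = sniff(data)
    if kind is None:
        return False, "unrecognised image content"
    if kind == "webp" and not allow_webp:
        # Decided on content, so renaming cat.webp to cat.png does not get through.
        return False, "WebP content is blocked, whatever the file is named"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXTENSIONS[kind]:
        return False, f"extension {ext!r} does not match {kind} content"
    if kind == "webp":
        try:
            webp_chunks(data)
        except ValueError as exc:
            return False, f"malformed WebP: {exc}"
    return True, kind


def make_webp(payload: bytes = b"\x2f" + b"\x00" * 5) -> bytes:
    """Constructed sample: RIFF/WEBP wrapper around one VP8L chunk (not a viewable image)."""
    chunk = b"VP8L" + struct.pack("<I", len(payload)) + payload
    return b"RIFF" + struct.pack("<I", 4 + len(chunk)) + b"WEBP" + chunk


# Constructed sample: PNG signature followed by filler bytes.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob, allow in [
        ("cat.png", SAMPLE_PNG, False),
        ("cat.png", make_webp(), False),       # renamed WebP
        ("cat.webp", make_webp(), True),
        ("cat.webp", make_webp()[:-3], True),  # chunk longer than the file
    ]:
        print(name, allow, check_upload(name, blob, allow_webp=allow))
```

Keeping the format off the upload path only reduces exposure; as other comments here note, the flaw was in the libwebp decoder, so updating whatever decodes the image is the actual fix.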

  • @JEffinger 11 months ago +71

    No accident that they didn't report it. My guess is they knew state sponsored groups were using the exploit

    • @xDMG15x 11 months ago +10

      Exactly. As pro privacy as apple touts, i bet they know about us government spying methods that they could thwart if they wanted

    • @Coecoo 11 months ago +9

      Critical security vulnerabilities are always intentionally kept under wraps for months or even years due to government agencies using them. The US in particular does this a LOT.

    • @Gramini 11 months ago

      Who do you mean with "they"?
      The NSO Group? Of course they wouldn't report it, they are/were actively exploiting it…
      Google? They didn't know and fixed it once reported…

  • @papabaddad 11 months ago +1

    the other thing about being black hat and selling a zero day to bad actors is you have to trust they'll actually pay you 20mil

  • @DexieTheSheep 10 months ago +2

    It seems like every week NSO Group is being said to have gone dark and then comes back with no explanation whatsoever... I don't get it... are they shut down or not? :/

  • @jonathantheyorkie 10 months ago +1

    Here is how great the education system is (Sarcasm intended). I get in trouble at school for trying to save my grandmother from this attack. The school I go to, the majority of people live in very nice and expensive homes (Except for me and a few other students) so they LITERALLY expected me to allow my grandmother to get hacked, and then I get in trouble with them if I don't do what they want so I can waste 1500 dollars on another computer that is completely unnecessary. Just awesome. (Sarcasm intended again)

  • @mantacid1221 10 months ago +2

    Has google ever developed something that didn’t make hacking easier? First there’s the new TLDs (.zip for example) and now this?

  • @sparquisdesade 11 months ago +3

    THANKS GOOGLE! Man, I can't help but feel google and apple should be fined by the FCC or something for this

  • @boris_raduloff 11 months ago +2

    I found out Google domains has died from that b-roll footage 💀

  • @MalouMendoza9600 11 months ago +1

    Always on point! 💪🏼

  • @haloball12 11 months ago +3

    Getting sponsored by akami is crazy 😭

  • @alreadydead. 11 months ago +2

    The hacked person is called Ahmed Tantawi.. and he was about to be a president

    • @40arpent 1 month ago

      According to citizenlab, Egypt was the client and just put him in jail...

    • @alreadydead. 28 days ago

      @40arpent cause the current president doesn't allow anyone to take his place... lol

  • @WizDumbDumb 11 months ago +31

    iOS is not secure. At one time it was very secure but popularity brings malice as you mentioned. I have seen the most recent ios exploit in action twice in the past six months. Apple claims to have patched this in the most recent update but I still have concerns as this is the same exploit they claimed to have patched previously

  • @imnotbeluga007 11 months ago +2

    In short, hecker hecked Beluga.

  • @Get_yotted 11 months ago +2

    Funny, Google always creating formats that carry malware

  • @gonzotrash 11 months ago

    This is not the first time this has happened and I'm not surprised it happened again

  • @ShakilShahadat 11 months ago +2

    That's Beluga. Damn it hecker!

    • @user-tn3gt8fj7c 11 months ago +1

      blud hecked the channel no way 💀

  • @Simqinq 10 months ago +1

    Yes, I have ae 2020 still and webp got me mad bro 😭

  • @Heran983 11 months ago +4

    No way memes are becoming more dangerous.

  • @lainwired3946 11 months ago +1

    When you say tor is vulnerable i assume you mean the browser bundle? So does that mean firefox too, or something the tor foundation swapped out?

  • @NinjaRunningWild 11 months ago +37

    Typical Google. Reinvents what doesn’t need reinvention & makes it vulnerable at the same time. Great job!

    • @Bomkz 11 months ago +8

      okay but tbh both jpgs and gifs are too space inefficient with compression and don't support transparency like pngs do

    • @TheTubejunky 11 months ago +4

      It was probably created this way intentionally by google. Think about their monopoly on data.

    • @rashidisw 11 months ago

      i just use ffmpeg to re-compress .jpg(s) into more efficient space usages,
      I just use the [-preset veryslow] parameter. So far the quality drop of the recompressed images are quite hard to detect.

    • @boggless2771 11 months ago +2

      @TheTubejunky as if it's the format that's the problem. It's not, it's libwebp that's the problem. And that when Apple/Google fixed it, didn't fix it upstream.

  • @somekindofdude1130 11 months ago +1

    They are compatible with ms paint and they were since the start.

  • @arrux4822 11 months ago +4

    Surely they are using these exploits on "bad guys", right guys?

    • @bubbleboy821
      @bubbleboy821 11 months ago +7

      Absolutely. Only the "bad" guys. And by bad, they mean everyone and anyone they want.

  • @Abcdefg-fh3fb
    @Abcdefg-fh3fb 11 months ago +1

    I hate webp files so much it's unreal

  • @dyscotopia
    @dyscotopia 11 months ago +1

    I think companies like dot webp images precisely because they are hard to work with... It keeps images from being reused without consent.
    Of course nothing loading up in paint and saving as a jpeg can't fix

    • @carlosnava1471
      @carlosnava1471 11 months ago +2

      No, it's because it makes for smaller file sizes and therefore is cheaper to host and deliver, stop spreading misinformation please

    • @dyscotopia
      @dyscotopia 11 months ago

      @@carlosnava1471 it doesn't have to be a binary thing. I have known many web developers and have built pages in WordPress and Drupal, and while I personally haven't been asked, have heard of clients on more than one occasion with concerns over their images being reappropriated. Webp makes that slightly less convenient and has those other benefits to an extent also

  • @stephenmandelbaum2027
    @stephenmandelbaum2027 11 months ago +1

    Beluga out there causing trouble...

  • @aIiceqt
    @aIiceqt 11 months ago +1

    i hope this means that the cat image will be seen as the personification of malice because i hate it

  • @ashrist621
    @ashrist621 11 months ago

    i saw a guy named Text to Speech make a video about this and how it related to discord. haven't watched this vid but wasn't this patched roughly a week ago, or has it appeared as something different?

  • @land3021
    @land3021 10 months ago

    4:30 Man, they must get paid well!!!

  • @loganroman5658
    @loganroman5658 10 months ago +2

    Who in the google building made webp?

  • @aysnov
    @aysnov 10 months ago

    I'm not sure what's worse, that people still write buffer overflow bugs in 2023, or that they can still result in arbitrary code execution on a modern system.

  • @AshnSilvercorp
    @AshnSilvercorp 11 months ago +7

    Europe: See, closed source security is going great?

    • @HyBlock
      @HyBlock 11 months ago +2

      webp isn't closed source though?

    • @AshnSilvercorp
      @AshnSilvercorp 11 months ago

      @@HyBlock sometimes Google's form of open-source feels like a malicious compliance.
      Even tho it's open-source, the methodology of fixing and not reporting these issues is the same way if a closed-source OS does the same and then never reports the issue to anyone else.

  • @pablolarreategui9489
    @pablolarreategui9489 11 months ago +2

    I don’t find the danger in that photo

  • @yeetyeet7070
    @yeetyeet7070 11 months ago +1

    Besides google being evil and there being a non-zero chance this was malicious from the start,
    I fucking hate WebP and WebM. What's wrong with PNG? it's soo much better.

  • @mintrananas
    @mintrananas 11 months ago

    wow beluga called hecker

  • @toast99bubbles
    @toast99bubbles 11 months ago

    Often when I download an image from Facebook Messenger, it downloads as a webp, then when I try to send it to someone, Messenger says it's not a compatible file format and also seems to think it's a gif too.

  • @CarterHax
    @CarterHax 11 months ago +3

    I bet NSO was PISSED when he got the exploit patched. I wouldn't be surprised if they put a hit out on him, mostly because their shitty exploit got patched.

    • @fusseldieb
      @fusseldieb 11 months ago +2

      I bet they have a plan B, C, D and E.

    • @40arpent
      @40arpent 1 month ago

      Well according to Citizen Lab Egypt was the client and a politician was the target. The government put him in jail...

  • @AaronNazzy
    @AaronNazzy 11 months ago +1

    Malware makes a return!

  • @BASSNETIC-MUSIC
    @BASSNETIC-MUSIC 11 months ago +2

    Well, I'd rather get hacked by a polite cat than a rude one...

  • @mongolianbeef847
    @mongolianbeef847 10 months ago +2

    just change the extension to .png

  • @AshtonDavies_
    @AshtonDavies_ 11 months ago

    Google just can't produce something that doesn't have vulnerable flaws. 😑

  • @ZeronimeYT
    @ZeronimeYT 10 months ago

    You need to convert webp to jpg or png first then you can insert it into video editing software like Vegas.
    So, yeah. I hate webp.

  • @boredreindeer5602
    @boredreindeer5602 11 months ago

    Are there any video formats that do it?

  • @MuntyScruntFundle
    @MuntyScruntFundle 11 months ago

    Would be nice to know what dates this was a problem. And what to remove if somehow it through....

  • @Keksgesicht
    @Keksgesicht 11 months ago

    Is there a CVE number or something else which actually explains how this exploit works?

  • @huddunlap3999
    @huddunlap3999 11 months ago +1

    This is why I subscribe.

  • @mbk5430
    @mbk5430 11 months ago +1

    Can we rename the file extension to .welp ?

  • @darukutsu
    @darukutsu 11 months ago +3

    JXL for the win.

  • @heythere7130
    @heythere7130 11 months ago +1

    beluga is getting more powerful

  • @marko19914
    @marko19914 11 months ago +1

    When was this vulnerability patched?

    • @KimvanConrad
      @KimvanConrad 11 months ago

      like a month or two ago

  • @PenguinPolar
    @PenguinPolar 11 months ago

    There's a lot of misinformation about this, it's not webp, it's the video type, so some apps that people think were vulnerable actually are not.

  • @Aresydatch
    @Aresydatch 10 months ago

    Jpeg XR for the win

  • @twinfastasytowers
    @twinfastasytowers 10 months ago

    This is why I just screenshot webp images.

  • @TheEnderFlash
    @TheEnderFlash 11 months ago +3

    how is nso legal and israel is not sanctioned in the west for hosting these guys

  • @nobbyfirefly57
    @nobbyfirefly57 11 months ago

    Finally, RUclips sends it to me on time

  • @takeraparterer
    @takeraparterer 11 months ago +1

    btw discord uses a safe version of libwebp

  • @nmxsanchez
    @nmxsanchez 11 months ago +1

    That cat is NOT polite! He hacked my father

  • @TtEL
    @TtEL 11 months ago

    I am concerned because I was just sent an image from an unknown number while watching

  • @wayronhelloneighborcontent9810
    @wayronhelloneighborcontent9810 11 months ago

    As someone who's never stood for .webp files, those girls in high school saying "I just had a gut feeling" don't seem so crazy now

  • @reed6514
    @reed6514 11 months ago +1

    Didn't Akamai buy out Linode?

  • @Standenanian
    @Standenanian 11 months ago

    Didn't know NSO Group before this video but I hate them now

  • @donedane2269
    @donedane2269 11 months ago +5

    you didn't need chrome to open webp you just needed an image suite like nomacs