Support Request: Critical CVE-2023-5129 + CVE-2023-4863 in SiteKiosk
The image library LibWebP used in a lot of applications, including all major browsers (Chrome, Edge, Firefox, ...) and a lot of other applications has a major security vulnerability that can be triggered by simply displaying a malicious image. No user interaction is required, other than surfing to a website displaying such an image.
All browser vendors have released emergency updates within 2 days of publication of the CVE.
I noticed that SiteKiosk also contains a copy of the LibWebP library located under "C:\Program Files (x86)\SiteKiosk\SiteKioskNG\libwebp.dll".
Again, this is not only a browser issue, but all applications using the LibWebP library are affected and vulnerable if the latest version of the library is not used.
With the old SiteKiosk Windows client being EOL ... will there be an emergency update for the "Final Version" to address this security vulnerability? We are in no way ready to upgrade to the new server/cloud based version.