Google flunks...

Google issued a CVE security advisory ~2 weeks ago for a problem with WebP (image formatting) and said the only software affected was Chrome.

The CVE didn't say any other software or website using WebP imaging is also affected. Just viewing a booby-trapped WebP image could allow hackers to invade. Google just updated the CVE from risk level 8.8 to 10 of 10 because so many apps and sites are affected. So 2 weeks were wasted when lots of apps and sites, including Microsoft Teams, could have been patched.

Read more...