
Fortinet FortiClient: CVE-2023-4863 - Heap overflow in Chrome/libwebp

Severity: 8
CVSS v2 vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: Jan 14, 2025
Added: Jul 15, 2025
Modified: Nov 10, 2025

Description

The Fortinet Product Security team has evaluated the impact of the following vulnerability in a Google Chrome library:

CVE-2023-4863 (severity HIGH): heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp prior to 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2023-4863

FortiClient and FortiClientEMS embed a Chrome browser (used for SAML authentication and for the administrative console application). FortiSOAR uses Chrome on the backend to render reports.

libwebp is the library that decodes ".webp" images for the Chrome browser. When a malicious image is displayed in Chrome and the overflow is triggered, the attacker may be able to alter program execution. To do further damage beyond the renderer, the attacker would then also need to escape the Google Chrome sandbox.
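The description above says that libwebp decodes ".webp" images for the embedded Chrome and that a crafted image triggers the overflow, but it gives no way to sort suspicious files. The Python script below is an added triage example, not code from Fortinet, Rapid7 or this advisory. It walks the RIFF/WEBP container, checks that the declared chunk sizes agree with the file length, and reports whether the file carries a VP8L (lossless) bitstream. The VP8L focus is an assumption drawn from the upstream libwebp fix for CVE-2023-4863, which patched the Huffman table construction used only by the lossless decoder; the advisory itself does not name the code path. The sample inputs are constructed header-only containers, not real images, and the script never decodes pixels, so it tells you which files to hand to a patched decoder or a sandboxed analysis host, not whether a given file is malicious.

```python
"""Triage .webp files by walking the RIFF container (added example, stdlib only)."""
import struct

# Chunks that carry an image bitstream; everything else (ICCP, EXIF, XMP,
# ALPH, ANIM, ANMF, ...) is metadata or extended-format data.
BITSTREAM_CHUNKS = {"VP8 ": "lossy", "VP8L": "lossless", "VP8X": "extended"}


def parse_webp(data: bytes) -> dict:
    """Walk the RIFF chunk list and report layout problems and image type.

    Returns the declared RIFF size, the (fourcc, size) chunk list, whether a
    VP8L (lossless) chunk is present, and a list of structural issues
    (size mismatches, truncation, missing bitstream chunk).
    """
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a RIFF/WEBP container")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    report = {"riff_size": riff_size, "chunks": [], "lossless": False, "issues": []}

    # The RIFF size field covers everything after the 8-byte RIFF header.
    if riff_size + 8 != len(data):
        report["issues"].append(f"RIFF size {riff_size} + 8 != file length {len(data)}")

    pos, end = 12, min(len(data), riff_size + 8)
    while pos + 8 <= end:
        name = data[pos:pos + 4].decode("ascii", "replace")
        size = struct.unpack_from("<I", data, pos + 4)[0]
        start = pos + 8
        report["chunks"].append((name, size))
        if name == "VP8L":
            report["lossless"] = True
        available = len(data) - start
        if size > available:
            report["issues"].append(
                f"chunk {name!r} declares {size} bytes but only {available} remain")
            pos = end            # nothing sensible follows a truncated chunk
            break
        pos = start + size + (size & 1)   # odd-sized chunks are padded to even

    if pos < end:
        report["issues"].append(f"{end - pos} trailing byte(s) too short for a chunk header")
    if not any(name in BITSTREAM_CHUNKS for name, _ in report["chunks"]):
        report["issues"].append("no VP8/VP8L/VP8X bitstream chunk")
    return report


def build_webp(chunks) -> bytes:
    """Assemble a RIFF/WEBP container from (fourcc, payload) pairs.

    Used only to build constructed test inputs; it is not an encoder.
    """
    body = b""
    for fourcc, payload in chunks:
        body += fourcc + struct.pack("<I", len(payload)) + payload
        if len(payload) & 1:
            body += b"\x00"      # RIFF pads odd-length chunks to an even size
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + b"WEBP" + body


# Constructed samples: well-formed containers with header-only payloads,
# not decodable images.
VP8L_HEADER = b"\x2f\x00\x00\x00\x00"   # 0x2f signature, 1x1 canvas, no alpha
VP8_HEADER = b"\x00" * 10               # placeholder bytes, not a real lossy frame
VP8X_HEADER = b"\x00" * 10              # flags + reserved + 24-bit canvas w/h

LOSSY_SAMPLE = build_webp([(b"VP8 ", VP8_HEADER)])
LOSSLESS_SAMPLE = build_webp([(b"VP8L", VP8L_HEADER)])
EXTENDED_SAMPLE = build_webp([(b"VP8X", VP8X_HEADER), (b"VP8L", VP8L_HEADER)])
TRUNCATED_SAMPLE = LOSSLESS_SAMPLE[:-3]  # cut mid-chunk; the RIFF size now lies


def triage(label: str, data: bytes) -> dict:
    """Print a one-line verdict for one file and return the parsed report."""
    r = parse_webp(data)
    kind = "VP8L present (lossless decoder path)" if r["lossless"] else "no VP8L chunk"
    print(f"{label}: {kind}; chunks={r['chunks']}; issues={r['issues'] or 'none'}")
    return r


if __name__ == "__main__":
    for label, sample in [("lossy", LOSSY_SAMPLE), ("lossless", LOSSLESS_SAMPLE),
                          ("extended", EXTENDED_SAMPLE), ("truncated", TRUNCATED_SAMPLE)]:
        triage(label, sample)
```

Files that report a VP8L chunk, or whose chunk sizes disagree with the file length, are the ones to escalate; lossy-only files never reach the lossless Huffman code, but a mismatched size still indicates a file that was crafted or damaged rather than produced by an encoder.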

Solution

fortinet-forticlient-upgrade-latest: upgrade FortiClient to the latest release, which ships an embedded Chrome built against a patched libwebp (1.3.2 or later).