An arbitrary code execution vulnerability has been found in the WebP library. (Infact it sounds like the the algorithm the format itself uses is vulnerable.) This is a massive problem, but sounds exactly like what the hardened malloc is supposed to protect against? Also apparently there is already a patch in the October AOSP, maybe we could get it early?
https://www.cyberkendra.com/2023/09/webp-0day-google-assign-new-cve-for.html?m=1
Limited list of effected apps:
1Password
balenaEtcher
Basecamp 3
Beaker (web browser)
Bitwarden
CrashPlan
Cryptocat (discontinued)
Discord
Eclipse Theia
FreeTube
GitHub Desktop
GitKraken
Joplin
Keybase
Lbry
Light Table
Logitech Options +
LosslessCut
Mattermost
Microsoft Teams
MongoDB Compass
Mullvad
Notion
Obsidian
QQ (for macOS)
Quasar Framework
Shift
Signal
Skype
Slack
Symphony Chat
Tabby
Termius
TIDAL
Twitch
Visual Studio Code
WebTorrent
Wire
Yammer