react-native, security, webp

Is the React Native Image component affected by the libwebp vulnerability (CVE-2023-4863)?


On September 11th, 2023, a vulnerability was assigned CVE-2023-4863; the bug was found to be in the WebP Codec image rendering library (libwebp). The WebP Codec library is used to encode and decode images in WebP format, and is not unique to Chrome but rather is utilized by Chromium and incorporated in many other applications.

I know that expo-image was affected by it, and the Expo team has released a fix: https://blog.expo.dev/fix-for-cve-2023-4863-in-expo-image-1-3-4-59c04c40758e

Does anyone know if the built in Image component in React Native is affected?


Solution

  • It turns out React Native Image is affected by the libwebp vulnerability, as it uses a library called Fresco, which is maintained by Meta. Fresco in turn uses libwebp; Fresco recently bumped their libwebp version to 1.3.2, which contains a fix for the vulnerability. However, React Native has not upgraded their Fresco version to 3.1.1, which means it's still vulnerable. I have reported this to Meta.
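A way for a project owner to confirm the finding above against their own build, added here as an example (it is not code from the original post, nor from React Native or Fresco): the script parses the dependency tree that Gradle prints (`./gradlew app:dependencies`, assuming the usual `app` module name) and flags every `com.facebook.fresco` artifact whose resolved version is below 3.1.1, the Fresco release the answer says carries libwebp 1.3.2. The sample tree embedded below, the version numbers in it, and the simple numeric version comparison are constructed assumptions, not real React Native output.

```python
import re

# Fresco 3.1.1 is the version the answer above names as picking up libwebp 1.3.2
# (assumed here to be the minimum fixed version).
FIXED_FRESCO = (3, 1, 1)

# Matches Gradle dependency-tree entries such as
#   +--- com.facebook.fresco:fresco:2.5.0
#   |    \--- com.facebook.fresco:imagepipeline:2.5.0 -> 3.1.1
# An optional "-> X" records the version Gradle actually resolved.
DEP_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<requested>[\w.\-]+)"
    r"(?:\s*->\s*(?P<resolved>[\w.\-]+))?"
)

# Constructed sample of a `gradle dependencies` tree; versions are made up.
SAMPLE_TREE = r"""
debugRuntimeClasspath - Runtime classpath of compilation 'debug'
+--- com.facebook.react:react-android:0.X.Y
|    +--- com.facebook.fresco:fresco:2.5.0
|    |    +--- com.facebook.fresco:drawee:2.5.0
|    |    \--- com.facebook.fresco:imagepipeline:2.5.0
|    +--- com.facebook.fresco:imagepipeline-okhttp3:2.5.0
|    +--- com.facebook.fresco:animated-webp:2.5.0 -> 3.1.1
|    \--- com.facebook.fresco:webpsupport:2.5.0
\--- com.squareup.okhttp3:okhttp:4.9.2
""".strip().splitlines()


def parse_version(text):
    """Turn '2.5.0' (or '3.1.1-alpha') into a comparable 3-tuple of ints."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts) + (0,) * (3 - len(parts))


def scan_dependency_tree(lines, fixed=FIXED_FRESCO):
    """Return sorted (artifact, version) pairs for Fresco artifacts below `fixed`.

    The resolved version (after '->') wins over the requested one, because that
    is what actually ends up in the APK.
    """
    findings = set()
    for line in lines:
        m = DEP_RE.search(line)
        if not m or m.group("group") != "com.facebook.fresco":
            continue
        version = m.group("resolved") or m.group("requested")
        if parse_version(version) < fixed:
            findings.add((m.group("artifact"), version))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: ./gradlew app:dependencies > deps.txt && python3 check_fresco.py
    # Here the embedded sample is scanned instead of a file.
    for artifact, version in scan_dependency_tree(SAMPLE_TREE):
        print(f"com.facebook.fresco:{artifact}:{version} is below 3.1.1")
```

Gradle marks repeated subtrees with `(*)` and lists each configuration separately, which is why the scanner deduplicates; run it against the release configuration's tree, since that is the one shipped to users.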