Chubb provides alerts to help keep our clients informed of risks that could affect their organizations. Google, Microsoft, Apple, Mozilla, 1Password and others have recently disclosed a maximum-severity vulnerability, CVE-2023-4863, affecting numerous applications using libwebp, a widely used image handling library. Affected software includes a number of popular web browsers (Google Chrome, Microsoft Edge, and Mozilla Firefox), the Thunderbird email client, and applications using the Electron open-source framework, such as 1Password and Slack. A list of affected Electron applications can be found here.

If exploited, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on a system running a vulnerable application, in some cases without user interaction. Google and Apple are aware of active exploitation of this vulnerability in the wild, including a zero-click compromise of an iPhone running the latest version of iOS (16.6).

This is a global alert. Google, Microsoft, Apple, Mozilla, 1Password, and others have released details on the potential impact and advise those affected to apply patches as soon as possible.

Chubb’s Cyber Risk Advisory Team is available to help answer your questions and assist in finding solutions to mitigate cyber exposures like the one described above. To request advisory services, please click here.

For additional information, please contact cyber@chubb.com. You may also use Chubb’s interactive tool Chubb Cyber Index® to access additional resources to help evaluate and address cyber risks your business may face. 
Chubb’s cyber insurance policyholders are monitored using non-intrusive outside web scanning methods. While these methods vary and are subject to change, the insights generated are typically viewable in cybersecurity rating company reports, such as those provided by BitSight and Security Scorecard, which all Chubb cyber policyholders have complimentary access to review. For more information about vulnerability alerts and our scanning technology or to sign up, click here, or contact Chubb’s Cyber Global Risk Advisors at cyber@chubb.com. Chubb makes no representations or warranties around these continuous monitoring efforts, and cannot reasonably alert all policyholders about all observed vulnerabilities. For more thorough service, consider speaking with a Managed Security Service Provider.

Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit our website at www.chubb.com. The materials and information contained herein are distributed for informational purposes only by ACE American Insurance Company on behalf of itself and its U.S.-based affiliates. The information provided is advisory in nature and is offered as a resource to be used together with your professional insurance, technical, legal, and other advisors in maintaining a cyber loss prevention program. The information provided should not be relied on as technical, insurance, or legal advice or a definitive statement of the law in any jurisdiction. For such advice, you should consult your own legal counsel, technical advisor, or insurance consultant. No liabilities or warranties are assumed or provided by the information contained in this email or document or in other information provided by Chubb’s Cyber Risk Advisory Team. You are under no obligation to contract for services that may be recommended or with any of the service providers. Adoption of a recommendation or vendor is your independent choice. Neither Chubb nor its employees or agents make any warranties or assume any liability for the recommendations or the performance of any vendor, including any goods or services received. Before you adopt a recommendation or engage with vendors, you should conduct your own due diligence to ensure the company and its services meet your needs. Unless otherwise indicated or approved, payment for services provided by any vendor is your responsibility.

Chubb, 202 Hall’s Mill Road, Whitehouse Station, NJ 08889-1600.  This email (including any attachments) is intended for the designated recipient(s) only, and may be confidential, non-public, proprietary, and/or protected by the attorney-client or other privilege. Unauthorized reading, distribution, copying or other use of this communication is prohibited and may be unlawful. Receipt by anyone other than the intended recipient(s) should not be deemed a waiver of any privilege or protection.  If you are not the intended recipient or if you believe that you have received this email in error, please notify the sender immediately and delete all copies from your computer system without reading, saving, printing, forwarding, or using it in any manner. Although it has been checked for viruses and other malicious software (“malware”), we do not warrant, represent, or guarantee in any way that this communication is free of malware or potentially damaging defects. All liability for any actual or alleged loss, damage, or injury arising out of or resulting in any way from the receipt, opening or use of this email is expressly disclaimed.