How strong is the “we take security seriously”. “always watching“, “fast to respond”, “working with the industry” vibes in this post!
When only the day before their DNS (a core product) goes out for hours as they weren’t monitoring a well alerted change to upstream DNS records that took place weeks before, (which might have allowed a crafty spoofing incident).
Makes it hard to put too much faith in the hype of some of these puff pieces.
Webp is one in a series of exploits that will come to pass in all codecs. Media codecs are made without regard to safety and overwhelmingly rely on handmade assembly or hardware implementations.
As usual most of this issue is resolved by using languages that can be memory safe.
It wont even render a preview thumbnail on older systems and wants to open in a browser by default (yuck! this is a picture)
png, jpg and the others are good enough.