[benhawkes]

Good questions -- yes other Chromium-based browsers would likely be affected by this bug. Many of these do a commendable job of following security updates in Chromium (like Brave), but others tend to fall quite far behind (like Samsung's SBrowser).

Chrome desktop was affected as well, both on Linux and Windows. Chrome bundles its own version of libwebp, so even if your Linux distribution hasn't patched yet, as long as Chrome is up-to-date you should be OK (in terms of browser attacks at least).

There's lots of wonderfully obscure image file formats that are supported by the major browsers and operating systems. For example you can load a KTX2 file (Khronos Texture Container) on MacOS, or a DNG file (Adobe Digital Negative) on Android. Lots of interesting and highly exposed attack surface for attackers to explore.

[vGPU]

A DNG is in no way an obscure file format. iPhones shoot in DNG when using proraw. DJI drones shoot in DNG. Etc.

[omginternets]

>Chrome desktop was affected as well, both on Linux and Windows.

Not MacOS though?

[benhawkes]

Chrome on MacOS was affected as well, yeah. Note that we don't know if attackers exploited the bug on platforms other than iOS, but its certainly possible that they did (I'd argue even probable).

[Bluecobra]

MacOS is affected. Sadly there hasn't been much coverage on this...

Also for corporate users this is a pain as you have to update Safari via Software Update unlike browsers like Chrome which automatically update.

Safari:

https://support.apple.com/en-us/HT213930

MacOS:

https://support.apple.com/en-us/HT213906

https://support.apple.com/en-us/HT213915

https://support.apple.com/en-us/HT213914