kiwix / kiwix-js

Fully portable & lightweight ZIM reader in Javascript
https://www.kiwix.org/
GNU General Public License v3.0

Check if there is a patch for libwebp vulnerability #1124

Open Jaifroid opened 1 year ago

Jaifroid commented 1 year ago

According to https://www.theregister.com/2023/09/12/chrome_browser_webp_exploit/, there is an exploit with the libwebp library, which is included (as an Emscripten ASM) in the WebPHero polyfill for WebP images. While it is unlikely that a scraped website will have a WebP with this vulnerability, and even more unlikely that it could access system resources via ASM or WASM, we should check the status of the polyfill.

Jaifroid commented 1 year ago

I opened https://github.com/chase-moskal/webp-hero/issues/52.