I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.

Users are posting images like the following:

https://imgur.com/a/RS4iAeI

And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.

Among other things. At this time if you see an image please click the icon circled before clicking the link. DO NOT CLICK THE IMAGE. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.

  • SafetyGoggles@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    No offense, but I think you’re putting too much trust on the Lemmy code. I’m not saying the code is bad, but it’s just as likely as other codes that the vulnerability is in Lemmy’s code.

    • Killing_Spark@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      But lemmy itself shouldn’t really interact with the images in terms of decoding them. Just having the code in the image may be weird but it should only affect code that actually tries to read and understand the bytes. Just passing it around shouldn’t cause the code to be executed.

      And the real decoding and displaying is hopefully done by the browsers Codebase, not by anything Lemmy does itself.

      At least that’s my line of reasoning. I may very well be off here.