WebP CVE-2023-4863

Hi, a vulnerability tool I use along with Itarian, reports a WebP CVE-2023-4863 in Endpoint Manager Communication Client and in COMODO Client - Communication Updater.

HI @datalink

Which version of the Communication Client and Comodo Client does it show has the vulnerability?

False alarm: on older version “Endpoint Manager Communication Client” v. 8.1.46264.23030 (not the Remote Control client). Anyway updating them to the latest version the CVE is no longer present.

ps: Communication Client and Comodo Client to which you refer are not the same thing?

I thought you may have been referring to Comodo Client Security and Comodo (Itarian) Communication Client.

Update: I run again the vulnerability tool on an endpoint with latest version of Communication Client and Comodo Client Security and, unlike what said before, the tool still shows CVS-2023-4863 on the Communication client while the Comodo Client Security seems to be immune to it

The latest Communication Client version is 8.3.47427.23090.
Have you updated it already?

Odd I though it runs the latest version since I just downloaded it and manually installed from the portal since the update command from the portal seems not working
Anyway I will try to check the cve on the latest version or bettet I will send an email to the support to ask if the latest version if secure.


Thank you for contacting ITarian technical support.

Our back-end team has stated that this is Chromium engine vulnerability - Security Update Guide - Microsoft Security Response Center

It is not related to ITarian Communication Client.

ITarian Support

Hi @datalink

ITarian Agent (Known as “Communication Client”) is different to Xcitium Communication Client in a few ways.

The issue or problem you have identified is as support state a Chromium browser issue. As far as I know and I’m guessing this is right due to supports answer, there is no chromium based browser components inside our agent(s).

Hey there, I am on it’s previous version and having similar issue, so where should I take a look for its updated version?

In my case I had to choose enrollment, download the latest version on the endpoint with the older version, rename it to remove the token and install it. Quite tedious

Hi @tarrybrad

If you have configured the update section of your profile (update section from the ITarian Device group) this will automatically update your agents to your default version.

If your default version is not configured to be the latest you can change this under the settings->Portal Settings area inside Endpoint Manager.

Lastly, if you want to do just one device you can choose the install tool and do an update function and untick use default allowing you to choose the version you want to deploy.