This notification is voluntarily shared by BD with Information Sharing and Analysis Organizations (ISAOs).
BD communicates with our customers about cybersecurity vulnerabilities to help enable healthcare providers to manage potential risks through awareness and guidance.
BD is aware of and currently monitoring a vulnerability affecting Google’s library libwebp. This third-party vulnerability is not specific to BD or our products. Additionally, we have not received any reports of this vulnerability being exploited on BD products. BD is providing this update to let customers know which BD products could be affected by the following third-party libwebp vulnerability:
The libwebp library is included in the Google Chrome and Windows Edge browsers. The products below contain the browser though it may not be utilized in their operation.
This notification applies to the following BD products:
Microsoft Edge Browser libwebp:
Google Chrome Browser libwebp:
BD is currently working to test and validate the patch(es) or other mitigations for BD products that use the affected third-party component. Please refer to the Bulletins and Patches page for all approved product security patching notifications. BD recommends the following mitigations and compensating controls to reduce risk associated with this vulnerability:
For product- or site-specific concerns, contact your BD service representative.