Hello, In September 2023, Google published CVE-2023-4863 and CVE-2023-5217 to address vulnerabilities in WebP (a compression format for images on the web) and libvpx (a software video codec library) that may result in remote code execution. The subsequent impact to Microsoft products has been documented in the Security Update Guide and the MSRC blog. Google is aware that exploits exist for both vulnerabilities.These CVEs are both categorised as High Severity and we are notified that “A verified remote code execution exploit is publicly available for one or more weaknesses related to this recommendation.”Currently we have 4 machines that appear to have Razer Software installations that have this 3rd party component included and are therefore being flagged as affected by both CVE-2023-4863 and a separate (earlier) WebP vulnerability CVE-2023-1999 (I believe the existence of these 2 vulnerabilities are why all 4 of our affected devices are being flagged as High Risk in our vulnerability monitoring system)N.B. Our vulnerability monitoring system flags the following 2 files as vulnerable on all 4 devices:File File Version Affected by CVEs C:\Windows\Installer\Razer\installer\app\libwebp_x64.dll 1.1.0.0 CVE-2023-1999 & CVE-2023-4863 C:\Windows\Installer\Razer\installer\app\libwebp_x86.dll 1.1.0.0 CVE-2023-1999 & CVE-2023-4863 I believe the existence of these 2 files is caused by the installation of Razer Synapse on these devices, At this stage it is unclear exactly which version(s) are installed on each device – So I will need to check via our software discovery to get a better idea of what app (and version) are installed on each device, failing that I will need to check locally on at least one of our machines to carry out an investigation.The only reference I can find on the Razer site(s) to the C:\Windows\Installer\Razer\* path is this forum article: https://insider.razer.com/razer-synapse-29/delete-c-windows-installer-razer-over-13gb-45177, however as both the affected LibWebP DLL’s exist below the “C:\Windows\Installer\Razer\installer\app” folder; deleting the affected files does not appear to be an option.The latest Razer downloads can be found via: https://www.razer.com/gb-en/pc/software, specifically for the Current release of Synapse 3: https://www.razer.com/gb-en/synapse-3Direct download: https://rzr.to/synapse-3-pc-download for “RazerSynapseInstaller_V1.16.0.543.exe”Another observation: The installer version numbering has no obvious relationship to the actual product version installed (Installer v1.x.x / Product v3.x.x), so it is unclear if this is a newer version than what the user(s) already have installed.From my searching I can find no Release Notes of any substance anywhere on the Razer sites (Main site (razer.com) or forum (insider.razer.com), so it is anyone’s guess if updates to this product have had the fixes included by now?Searching (without quotes) on Google for: “CVE-2023-1999 site:razer.com” returns zero results – Indicating there is no mention of this CVE anywhere on the indexed pages of the Razer site(s).Searching (without quotes) on Google for: “CVE-2023-4863 site:razer.com” returns zero results – Indicating there is no mention of this CVE anywhere on the indexed pages of the Razer site(s). If it comes to it, a clean re-installation of Razer Synapse could potentially be performed on each device following these instructions: https://mysupport.razer.com/app/answers/detail/a_id/1708However, Step 8 makes absolutely no mention of the C:\Windows\Installer\Razer\* path, so I’d suspect this would still not resolve the issue.Can you:Confirm if these CVEs have already been fixed in a later version of the Razer software (I assume Synapse 3)? Confirm which version of Synapse 3 we need to have installed to remove thse CVEs? Confirm which version of the Installer I should use to install the fixed version of Synapse 3? Confirm where your product Release Notes are published that state where and when this CVE was resolved in your software? Update your Clean re-installation instructions to detail any other the Razer folders that may need to be removed (e.g. below C:\Windows\Installer\Razer)? Can you make some major improvements to the manner in which you publish your release notes?so we, as customers of your products(s) know exactly what has been fixed, for what reason and when? N.B. This is worth a read: https://www.productplan.com/learn/release-notes-best-practices/I look forward to your answers as soon as you possibly can, so I can resolve these high severity CVEs from my estate. Thanks in Advance,Adrian ScottEUC engineer

Hi guys,Probably some good news for you: There is a NEW Synapse Software available (BETA).You can check it out here:https://www.razer.com/de-de/synapse-new(german setting)The new software come with a new UI andhas this issue resolved as the vulnerable .dll files are not installed anymore:Hope this helps!Cheers,CSGood to know that a later version should fix this, but security policy prevents me from using ‘Beta’ software on our production devices.Making customers wait for the later Synapse to be released is not the fix for this, Razer needs to provide a patched version of the existing Razer software versions - Like any good software vendor. 🤷🏻

Razer Synapse 3 LibWebP vulnerabilities (CVE-2023-1999 & CVE-2023-4863)

Skip to main content

Forums
Support
House Rules
Promos and Giveaways
Razer Silver Rewards

Create
Login

[MONTHLY SILVER] January 2026 30,000 Silver Drawing

2 days ago

Home
Community Overview
Razer Synapse
Razer Synapse 3
Razer Synapse 3 LibWebP vulnerabilities (CVE-2023-1999 & CVE-2023-4863)

Powered by Gainsight

Cookies Cookie settings Accessibility statement

Sign up

Already have an account? Login

Log in with Razer ID to create new threads and earn badges.

LOG IN

Welcome to Razer Insider

Log in with Razer ID to create new threads and earn badges.

LOG IN

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK

Shop

RazerStores
RazerCafe
Store Locator
Purchase Programs
Bulk Order Program
Education
Only at Razer
Razer Silver Rewards
Affiliate
Newsletter

Explore

Technology
Chroma RGB
Concepts
Esports
Collabs

Support

Get Help
Registration & Warranty
RazerStore Support
RazerCare
Manage Razer ID
Support Videos
Recycling Program
Accessibility Statement

Company

About Us
Careers
Newsroom
zVentures
Contact Us

FOR GAMERS. BY GAMERS.™

Site Map
Legal Terms
Privacy Policy

FOR GAMERS. BY GAMERS.™