Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5393-1

Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Packet Storm
#linux#debian#dos#js#chrome
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5393-1                   [email protected]://www.debian.org/security/                       Moritz MuehlenhoffApril 22, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136                  CVE-2023-2137Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 112.0.5615.138-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmREBtkACgkQEMKTtsN8TjZHjA//Xt54GrjHMIT1eis48gYiXhfhUxNl1MiA4eeSYFJuidwGLoZbG8AGmT+2OHUvwjOCiJ4RHV06fnpPuftn95Q9Ehz79WkNeeZSIKCuZPeNK6u6c2LZv3enU3ojFejG5y6k/L6kwBx7VUPNnvraZVZcB0zwbL/f9B5wXgAwluxqynyX3vZBPRjTsJATLQs/PMhx7wWVFXspQjIm6+9bVySuNEsIUTIsDNnRlLnSVler3THdcmlHLBVDU1Qb3CIN6bAzDDnJSOUQIHWKIPLSr84ygeT6n0/eeC7qzqJ4WvG7TKhsyXrH1z+XzRdMFajVDrOhYmofmRG4WgyXibcOfi0eR7aEahNVG4aLZlP+hZvKDlDrSJ5kzI8IH4NaXZid9IGZaOXvxKaTOsKaBuC3uHDlWny1aU5MBb/itSeYbXmNVzIip7BJ10wG9rjaQ4d6VEbrMDEEWy5rqP1PUexW5wNDAwNhMHhV2pgPHnDzkC3ScQM6uN4X2vxs58oGMaSsjqjYpR5MOIEoh2SnNdz4NDXxjP8+bdpOu7MOIh4nYBC/zcWf84DgeMq1tv3RR2LDXfwdMZyxlZc7thPvtZhXfUsDJRX38LD0S0B4JR1ERRqYerpj3ixAuOk6OyyJA0CcdiI1Yave1rFGzjzitxYkpgYG+uRYa/GWgDOuG1Ebbk6R2cE==vqQn-----END PGP SIGNATURE-----

Related news

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been

Gentoo Linux Security Advisory 202309-17

Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular

Update Android now! Google patches three actively exploited zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: 2023-07-05 Tags: CVE2021-29256 Tags: CVE-2023-26083 Tags: CVE-2023-2136 Tags: CVE-2023-21250 Tags: ARM Tags: Skia Google has patched 43 vulnerabilities in Android, three of which are actively exploited zero-day vulnerabilities. (Read more...) The post Update Android now! Google patches three actively exploited zero-days appeared first on Malwarebytes Labs.

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a […]

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability  CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control

Update now, there's a Chrome zero-day in the wild

Categories: News Tags: chrome Tags: browser Tags: update Tags: vulnerability Tags: CVE Tags: exploit Tags: exploitation Tags: zero-day Users of Chrome should ensure they're running the latest version to patch an integer overflow in the Skia graphics library. (Read more...) The post Update now, there's a Chrome zero-day in the wild appeared first on Malwarebytes Labs.

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "

CVE-2023-2137

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2136: Stable Channel Update for Desktop

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2135

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2134

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2133

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution