Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5295-1

Debian Linux Security Advisory 5295-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

Packet Storm
#linux#debian#ibm#chrome
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5295-1                   [email protected]://www.debian.org/security/                       Moritz MuehlenhoffDecember 04, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2022-4262A security issue was discovered in Chromium, which could result in theexecution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 108.0.5359.94-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmONAwEACgkQEMKTtsN8TjbwkQ//SQalC/1GuxYOyo80+as5FYA+VASCz8dZnFXcxoeUN9kxMVDJfCCY+FYRm400tmU32xXHnUnZhv5ByyB/1/VvLS3rl9+/mhfkXagMVg2v0Vpo4WgWqFaZx7ckUYnzlbVXJ2XsXqZQ3aqELlgL0/2CoLidb1GJIbmBfuRq0qYPB8xWQi3H+RFY+pXjRD7Z96aADTAnLfewaYfg04k+H9D6T7bfYeJqysupIVSnd0dO9R2xpKmnVkjAZZ2Fcs0/UYKyLD+kzTMW5Mx4f9FwpJ0W2epfGdhUFfc3DupMn80yFgddodcXTs+O+cldWfM7X064sSD0cfKoBIfWEtUzg0MAByWk7RoIqcMkolQVyfi7kiThtgqY4USS+OitAdqHpxwjTqa7XEqSNkerHuDmXy1oQSO/5ZF047++Ibr5Haf3ka0SiYXbmtnmDEjkppq4ac+TmZl4QdoqOn9YhBMwWgvA+jw6ErMbTyQEBXao0Qw4R/yayN1nCrc1T/QIh8wrHXfT/hsOkZ2Xk9aBNIfku11DDLTukexIyhCFXEq/Z5VX9WzT7vGocoqo+BCVLTGYH1JBuQ/1zB/vHRCO9dphgxHsd/VKXWz8T285GPMqAlB9rU+5b8d0mkB8SFbTt02nHRNz/Bw2riLGulcXkaJvzfNYF5HJjixNjUzWR/3yO0XkV8Q=g4Fi-----END PGP SIGNATURE-----

Related news

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com Read the original post: Google reveals spyware attack on Android, iOS, and Chrome

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

Google Chrome Flaw Added to CISA Patch List

CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.

Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released

Categories: Exploits and vulnerabilities Categories: News Tags: V8 Tags: V8 JavaScript Engine Tags: Google Chrome Tags: Chrome Tags: CVE-2022-4262 Tags: 108.0.5359.94 Tags: 108.0.5359.95 Tags: Chrome V8 flaw Tags: type confusion Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you're using the latest version. (Read more...) The post Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released appeared first on Malwarebytes Labs.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

CVE-2022-4262: Stable Channel Update for Desktop

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution