Debian Security Advisory 5289-1

Debian Linux Security Advisory 5289-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

Packet Storm
Debian Security Advisory DSA-5289-1
[email protected]
https://www.debian.org/security/
Moritz Muehlenhoff
November 27, 2022
https://www.debian.org/security/faq

Package: chromium
CVE ID: CVE-2022-4135

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

For the stable distribution (bullseye), this problem has been fixed in version 107.0.5304.121-1~deb11u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]

Related news

Gentoo Linux Security Advisory 202305-10

Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1 are affected.

Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid. Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com.

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability which local attackers can exploit to escalate privileges to root.

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

GHSA-995f-9x5r-2rcj: Heap buffer overflow in GPU

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2022-4135: Stable Channel Update for Desktop

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
