Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5420-1

Debian Linux Security Advisory 5420-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Packet Storm
#linux#debian#dos#js#ssh#chrome
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5420-1                   [email protected]://www.debian.org/security/                       Moritz MuehlenhoffJune 07, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-3079Multiple security issues were discovered in Chromium, whichcould result in the execution of arbitrary code, denial of serviceor information disclosure.For the stable distribution (bullseye), this problem has been fixed inversion 114.0.5735.106-1~deb11u1.For the upcoming stable distribution (bookworm), these problems havebeen fixed in version 114.0.5735.106-1~deb12u1We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSAuzkACgkQEMKTtsN8TjYkHw//YSLfIYssjDXV6CkcW1SO+qGwPwB8/57wUJEpA8x73DjUhbUgatpbyuaKHWYX7knrTT7PG1nHgRaBWkWp+TFfpjsOEo/C6guIgwkYQ6GPLePLJe7RwWI2NxzH+o9GgqZhzJ34BC7YQd2FWKGe59cYE26TAqk8R7rSTi9PnPtZqO5Y7BlKo8g8WjJhIYLG8N58zFKxDQxt6XKwkKVJIIbImAb5qOGpThSB05vuan36EyX8UZWHoj5ao+z1gUL9HbSkznfEZUYpHIOf2VNcrI3DCrxJejESmtWaeL8XPC7PlVEgfOZoFIvdMo9ZY6hLUOGe1uWeozTSBELyRvvXdWRiSlmY1W4AysD5/3cOppCbyR+eixUgUMhCLNcYs8gHut/MFILMYMAlegDScNp3r4kZBSjyXX+ftEoagBSSHw0AFXswj8wb5adbalrWybH8Ky44BT2G3cd5tk1GAn/hh3WMoq+lOmB498UmTSuQe9PV+4FRdbYSPlIBotnmAQcASLeJLutlO2qjqf1DTO+mRA0MciIzoIsPjNNI9LxnWoPuMhsZb4KhuxJUfpSDWVoHDbqc7cTpzRTgJ0UnuTbNNUK6puDHhb3427u1T+tsAw0jEeYpg/0PhhRZfptz4RF9iFFFokKvpBdFOlAo643XD6yFCQjKfMDyJ5xdmUu2Ce1r2fw==HC9u-----END PGP SIGNATURE-----

Related news

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been

Gentoo Linux Security Advisory 202311-11

Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

Now’s not the time to take our foot off the gas when it comes to fighting disinformation online

YouTube released a statement that “we will stop removing content that advances false claims that widespread fraud, errors, or glitches occurred in the 2020 and other past US Presidential elections.”

Update Chrome now! Google patches actively exploited zero-day

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: V8 Tags: heap corruption Tags: type confusion Tags: CVE-2023-3079 Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution