Gentoo Linux Security Advisory 202208-35

Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.

Packet Storm

Gentoo Linux Security Advisory GLSA 202208-35


                                       https://security.gentoo.org/  

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: August 21, 2022
Bugs: #858104, #859442, #863512, #865501, #864723
ID: 202208-35


Synopsis

Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages

-------------------------------------------------------------------
     Package                    /  Vulnerable      /  Unaffected
-------------------------------------------------------------------
  1  www-client/chromium           < 104.0.5112.101   >= 104.0.5112.101
  2  www-client/chromium-bin       < 104.0.5112.101   >= 104.0.5112.101
  3  www-client/google-chrome      < 104.0.5112.101   >= 104.0.5112.101
  4  www-client/microsoft-edge     < 104.0.1293.63    >= 104.0.1293.63

Description

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"

All Chromium binary users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"

All Google Chrome users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"

All Microsoft Edge users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
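
To check a host against the thresholds in the Affected packages table before and after upgrading, the following is an added example and not part of the Gentoo advisory. The function names and the sample package list are constructed for illustration, and version ordering relies on `sort -V` being available.

```shell
#!/bin/sh
# Added example, not part of GLSA 202208-35. Reads "category/package-version"
# atoms on stdin and reports those below the advisory's fixed versions.

# Fixed versions copied from the "Affected packages" table.
glsa_fixed_version() {
    case "$1" in
        www-client/chromium|www-client/chromium-bin|www-client/google-chrome)
            echo "104.0.5112.101" ;;
        www-client/microsoft-edge)
            echo "104.0.1293.63" ;;
        *)  return 1 ;;   # package not covered by this advisory
    esac
}

# version_lt A B: true when A is strictly older than B. Uses sort -V because a
# plain string comparison would rank 104.0.5112.79 above 104.0.5112.101.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# split_atom "cat/pkg-1.2.3-r1" -> "cat/pkg 1.2.3". The Gentoo revision suffix
# (-rN) is dropped because the advisory thresholds carry no revision.
split_atom() {
    printf '%s\n' "$1" |
        sed -E 's/-r[0-9]+$//; s/^(.+)-([0-9][^-]*)$/\1 \2/'
}

# Prints one line per vulnerable package; returns 1 if any was found.
audit_glsa_202208_35() {
    rc=0
    while IFS= read -r atom; do
        [ -n "$atom" ] || continue
        set -- $(split_atom "$atom")
        name=$1 ver=$2
        [ -n "$ver" ] || continue              # no version parsed, skip
        fixed=$(glsa_fixed_version "$name") || continue
        if version_lt "$ver" "$fixed"; then
            echo "VULNERABLE $name $ver (fixed in $fixed)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of installed packages (not taken from a real host).
sample_installed() {
    cat <<'EOF'
www-client/chromium-104.0.5112.79-r1
www-client/chromium-bin-104.0.5112.101
www-client/google-chrome-103.0.5060.134
www-client/microsoft-edge-104.0.1293.63
www-client/firefox-103.0.2
EOF
}

sample_installed | audit_glsa_202208_35 || echo "upgrade required"
```

On a Gentoo host with app-portage/portage-utils installed, the output of `qlist -Iv` has the input shape this function expects.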

References

[ 1 ] CVE-2022-2163
https://nvd.nist.gov/vuln/detail/CVE-2022-2163
[ 2 ] CVE-2022-2294
https://nvd.nist.gov/vuln/detail/CVE-2022-2294
[ 3 ] CVE-2022-2295
https://nvd.nist.gov/vuln/detail/CVE-2022-2295
[ 4 ] CVE-2022-2296
https://nvd.nist.gov/vuln/detail/CVE-2022-2296
[ 5 ] CVE-2022-2477
https://nvd.nist.gov/vuln/detail/CVE-2022-2477
[ 6 ] CVE-2022-2478
https://nvd.nist.gov/vuln/detail/CVE-2022-2478
[ 7 ] CVE-2022-2479
https://nvd.nist.gov/vuln/detail/CVE-2022-2479
[ 8 ] CVE-2022-2480
https://nvd.nist.gov/vuln/detail/CVE-2022-2480
[ 9 ] CVE-2022-2481
https://nvd.nist.gov/vuln/detail/CVE-2022-2481
[ 10 ] CVE-2022-2603
https://nvd.nist.gov/vuln/detail/CVE-2022-2603
[ 11 ] CVE-2022-2604
https://nvd.nist.gov/vuln/detail/CVE-2022-2604
[ 12 ] CVE-2022-2605
https://nvd.nist.gov/vuln/detail/CVE-2022-2605
[ 13 ] CVE-2022-2606
https://nvd.nist.gov/vuln/detail/CVE-2022-2606
[ 14 ] CVE-2022-2607
https://nvd.nist.gov/vuln/detail/CVE-2022-2607
[ 15 ] CVE-2022-2608
https://nvd.nist.gov/vuln/detail/CVE-2022-2608
[ 16 ] CVE-2022-2609
https://nvd.nist.gov/vuln/detail/CVE-2022-2609
[ 17 ] CVE-2022-2610
https://nvd.nist.gov/vuln/detail/CVE-2022-2610
[ 18 ] CVE-2022-2611
https://nvd.nist.gov/vuln/detail/CVE-2022-2611
[ 19 ] CVE-2022-2612
https://nvd.nist.gov/vuln/detail/CVE-2022-2612
[ 20 ] CVE-2022-2613
https://nvd.nist.gov/vuln/detail/CVE-2022-2613
[ 21 ] CVE-2022-2614
https://nvd.nist.gov/vuln/detail/CVE-2022-2614
[ 22 ] CVE-2022-2615
https://nvd.nist.gov/vuln/detail/CVE-2022-2615
[ 23 ] CVE-2022-2616
https://nvd.nist.gov/vuln/detail/CVE-2022-2616
[ 24 ] CVE-2022-2617
https://nvd.nist.gov/vuln/detail/CVE-2022-2617
[ 25 ] CVE-2022-2618
https://nvd.nist.gov/vuln/detail/CVE-2022-2618
[ 26 ] CVE-2022-2619
https://nvd.nist.gov/vuln/detail/CVE-2022-2619
[ 27 ] CVE-2022-2620
https://nvd.nist.gov/vuln/detail/CVE-2022-2620
[ 28 ] CVE-2022-2621
https://nvd.nist.gov/vuln/detail/CVE-2022-2621
[ 29 ] CVE-2022-2622
https://nvd.nist.gov/vuln/detail/CVE-2022-2622
[ 30 ] CVE-2022-2623
https://nvd.nist.gov/vuln/detail/CVE-2022-2623
[ 31 ] CVE-2022-2624
https://nvd.nist.gov/vuln/detail/CVE-2022-2624
[ 32 ] CVE-2022-2852
https://nvd.nist.gov/vuln/detail/CVE-2022-2852
[ 33 ] CVE-2022-2853
https://nvd.nist.gov/vuln/detail/CVE-2022-2853
[ 34 ] CVE-2022-2854
https://nvd.nist.gov/vuln/detail/CVE-2022-2854
[ 35 ] CVE-2022-2855
https://nvd.nist.gov/vuln/detail/CVE-2022-2855
[ 36 ] CVE-2022-2856
https://nvd.nist.gov/vuln/detail/CVE-2022-2856
[ 37 ] CVE-2022-2857
https://nvd.nist.gov/vuln/detail/CVE-2022-2857
[ 38 ] CVE-2022-2858
https://nvd.nist.gov/vuln/detail/CVE-2022-2858
[ 39 ] CVE-2022-2859
https://nvd.nist.gov/vuln/detail/CVE-2022-2859
[ 40 ] CVE-2022-2860
https://nvd.nist.gov/vuln/detail/CVE-2022-2860
[ 41 ] CVE-2022-2861
https://nvd.nist.gov/vuln/detail/CVE-2022-2861
[ 42 ] CVE-2022-33636
https://nvd.nist.gov/vuln/detail/CVE-2022-33636
[ 43 ] CVE-2022-33649
https://nvd.nist.gov/vuln/detail/CVE-2022-33649
[ 44 ] CVE-2022-35796
https://nvd.nist.gov/vuln/detail/CVE-2022-35796

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-35

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

CVE-2022-32855: About the security content of iOS 15.6 and iPadOS 15.6

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

CVE-2022-43449: en/security-disclosure/2022/2022-11.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which runs with UID 1000.

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading to sensitive information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]

Zero-day puts a dent in Chrome's mojo

The Google Chrome Team recently issued a fix for the CVE-2022-3075 zero-day.

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

CISA wants you to patch these actively exploited vulnerabilities before September 8

CISA updated its catalog of actively exploited vulnerabilities. Make sure you update your software before the due date!

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on

Update Chrome now! Google issues patch for zero day spotted in the wild

Google issued an update that includes 11 security fixes. One of the vulnerabilities is labeled as “Critical” and one of the vulnerabilities that is labeled as “High” exists in the wild.

Ubuntu Security Notice USN-5568-1

Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Gentoo Linux Security Advisory 202208-25

Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected.

CVE-2022-2607

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2606

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2605

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2608

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2614

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2615

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-2617

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2618

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file.

CVE-2022-2619

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.

CVE-2022-2620

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2621

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2624: Stable Channel Update for Desktop

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

CVE-2022-2604

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-35796

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

CVE-2022-33649

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

CVE-2022-33636

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

Apple Just Patched 37 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2296: Stable Channel Update for Desktop

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

CVE-2022-2295

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2481: Stable Channel Update for Desktop

Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.

Update Google Chrome now! New version includes 11 important security patches

Google has issued an update for the Chrome browser that includes 11 security fixes, including 5 with a high severity.

Google Chrome Zero-Day Weaponized to Spy on Journalists

Candiru attackers breached a news agency employee website to target journalists with DevilsTongue spyware, researchers say.

Apple Security Advisory 2022-07-20-2

Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Israeli Spyware Vendor Uses Chrome 0day to Target Journalists

By Deeba Ahmed. The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims…

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed

Threat Source newsletter (July 7, 2022) — Teamwork makes the dream work

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve been thinking a lot recently about the pros and cons of the way we publicize our threat research. I had a few conversations at Cisco Live with people — who are more generally IT-focused than...

Google Chrome WebRTC Zero-Day Faces Active Exploitation

The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native
