Latest News
**What is the version information for this release?**

| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 127.0.2651.98 | 127.0.6533.99/.100 | 8/8/2024 |

Debian Linux Security Advisory 5741-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Open WebUI version 0.1.105 suffers from arbitrary file upload and path traversal vulnerabilities.
Open WebUI version 0.1.105 suffers from a persistent cross site scripting vulnerability.
A guest inside a VirtualBox VM using the virtio-net network adapter can trigger an intra-object out-of-bounds write in src/VBox/Devices/Network/DevVirtioNet.cpp to cause a denial-of-service or escape the hypervisor and compromise the host. This is Google's proof of concept exploit.
A bug in the eBPF verifier's branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to local privilege escalation and container escape.
The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers. Kimsuky, also known by the names APT43, ARCHIPELAGO,
The XGETBV instruction reads the contents of an internal control register. It is not a privileged instruction and is usually available to userspace. The contents are also exposed via the xstate_bv header in the XSAVE structure. The primary use of XGETBV is determining the XINUSE flags, which allow kernels and userthread implementations to determine what CPU state needs to be saved or restored on a context switch. However, it has been observed that these flags appear to be non-deterministic on various Intel CPUs. The data here is currently research and not necessarily considered a security issue, but a reproducer has been included.
AMD Errata 1386 is a flaw that affects the AMD Zen 2 family of processors. The observed result of this bug is that changes to xmm or ymm extended registers during normal program execution may be unexpectedly discarded. The implications of this flaw will vary depending on the workload. This is Google's proof of concept exploit.
This is proof of concept code from Google called RET2ASLR - Leaking ASLR from return instructions.