
Tag

#chrome

CVE-2025-2783: Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows

**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 134.0.3124.93 | 3/26/2025 | 134.0.6998.177/.178 |

Microsoft Security Response Center
#windows #microsoft #chrome #Microsoft Edge (Chromium-based) #Security Vulnerability

GHSA-785h-76cm-cpmf: Django TomSelect incomplete escaping of dangerous characters in widget attributes

### Summary

User-supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in the browser as valid HTML tags.

### Details

Attributes passed to the widget (such as `label_field`) containing `<`, `>`, and similar tokens are not fully escaped. This results in some raw values reaching the widget and rendering in part or in full.

For example, a label of: `"Test User <script>I can pass this to the label_field and it gets rendered</script>"` is rendered in the choice's label visually as `"Test User "` with the trailing space, followed by what appears as an un-executed script tag (which is visible when viewing source).

The actual output rendered in the browser for this example is: `<div role="option" data-value="63f205b6" class="item" data-ts-item="">Test User <script>I can pass this to the label_field and it gets rendered</script></div>`

The script tag appears to be valid in Chrome dev tool...

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a

How to Enter the US With Your Digital Privacy Intact

Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.

New Phishing Campaign Targets macOS Users with Fake Security Alerts

LayerX Labs reports a sophisticated macOS phishing campaign, evading security measures. Learn how attackers adapt and steal credentials from Mac users.

What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06)

This week on the Lock and Code podcast, we speak with Carey Parker about what Google Chrome knows about you.

CVE-2025-2476: Chromium: CVE-2025-2476 Use after free in Lens

**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 134.0.3124.83 | 3/21/2025 | 134.0.6998.117/.118 |

CVE-2025-29806: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable CVE-2024-8904, 129.0.6668.58/.59 9/19/2024

CVE-2025-29795: Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

UAT-5918 targets critical infrastructure entities in Taiwan

UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.