#chrome

N. Korean ‘FlexibleFerret’ malware targets macOS with fake Zoom apps, job scams, and bug report comments, deceiving users…

Palo Alto, USA, 30th January 2025, CyberNewsWire

Palo Alto, USA, 30th January 2025, CyberNewsWire

This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access.

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

A critical vulnerability in Brave Browser allows malicious websites to appear as trusted sources during file uploads/downloads. Learn…

**According to the CVSS metric, Confidentiality and Integrity are rated as Low and Availability is None (C:L, I:L, A:N). What does that mean for this vulnerability?** An attacker is only able to comprise files that they were allowed access to as part of their initial privilege but cannot affect the availability of the browser.