#chrome

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome zero-day Tags: CVE-2023-2033 Tags: V8 flaw Tags: V8 Google has released an updated version of Chrome to address a zero-day flaw that is being exploited in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited flaw appeared first on Malwarebytes Labs.

Categories: News Tags: chrome Tags: browser Tags: update Tags: fake Tags: malware Tags: monero Tags: miner Tags: cryptocurrency Tags: rogue Tags: hacked Tags: compromised Tags: site Tags: website We take a look at a slew of hacked websites pushing fake Chrome updates which are Monero miner malware in disguise. (Read more...) The post Fake Chrome updates spread malware appeared first on Malwarebytes Labs.

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Ubuntu Security Notice 6021-1 - It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code.

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.

A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Categories: Threat Intelligence Tags: malvertising Tags: weebly Tags: google Tags: ads Tags: seniors Tags: recipe Tags: tech support Tags: scam Scammers are buying ads on for the most common Google searches made by seniors and defrauding them with tech support scams. (Read more...) The post Massive malvertising campaign targets seniors via fake Weebly sites appeared first on Malwarebytes Labs.