Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on

The Hacker News
Open in Source
#vulnerability#web#mac#windows#google#microsoft#linux#buffer_overflow#zero_day#chrome#The Hacker News
Update Chrome now! Google issues patch for zero day spotted in the wild

Categories: Exploits and vulnerabilities Categories: News Tags: 104.0.5112.101 Tags: Google Tags: Chrome Tags: CVE-2022-2852 Tags: CVE-2022-2856 Tags: CVE-2022-2854 Tags: CVE-2022-2853 Tags: UAF Tags: heap buffer overflow Google issued an update that includes 11 security fixes. One of the vulnerabilities is labeled as “Critical” and one of the vulnerabilities that is labeled as “High” exists in the wild. (Read more...) The post Update Chrome now! Google issues patch for zero day spotted in the wild appeared first on Malwarebytes Labs.

Malicious Browser Extensions Targeted Over a Million Users So Far This Year

More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said. As many as

How to secure a Windows PC for your kids

Categories: Personal What to think about when preparing your child's Windows device for the new school year. (Read more...) The post How to secure a Windows PC for your kids appeared first on Malwarebytes Labs.

Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data.

Race Against The Sandbox

Whitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used a Ntoskrnl bug to escape the Google Chrome sandbox.

CVE-2021-30490: Software download for Uninterruptible Power Supply

upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.

CVE-2022-36273: CVEIDs/TendaAC9 at main · F0und-icu/CVEIDs

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

CVE-2020-21642: ManageEngine Analytics Plus | Release Notes

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management

ZTNA brings only marginal benefits unless you ensure that the third parties you authorize are not already compromised.