Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-33680: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

Microsoft Security Response Center
#vulnerability#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2017-20120: Offensive Security’s Exploit Database Archive

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-33639

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.

CVE-2022-30192

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.

CVE-2022-33638

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.

CVE-2022-32969: Halborn Discovers Critical Vulnerability Affecting Crypto Wallet Browser Extensions

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.

Hundreds of Websites and Piracy Apps Seized in US-Brazil’s Operation 404.4

By Deeba Ahmed In the fourth wave of Operation 404, the Brazilian law enforcement agencies blocked/shut down around 226 websites and… This is a post from HackRead.com Read the original post: Hundreds of Websites and Piracy Apps Seized in US-Brazil’s Operation 404.4

Forced Chrome extensions get removed, keep reappearing

Malwarebytes found a family of forced Chrome extensions that can't be removed because of a policy change that tells users "Your browser is managed". The post Forced Chrome extensions get removed, keep reappearing appeared first on Malwarebytes Labs.

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an

How to Find New Attack Primitives in Microsoft Azure

Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.