Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-27412: Explore CMS 1.0 SQL Injection ≈ Packet Storm

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

CVE
#sql#vulnerability#web#windows#apple#php#auth#chrome#webkit
Chrome content::DisplayCutoutHostImpl::SendSafeAreaToFrame Use-After-Free

A use-after-free issue exists in Chrome 100 and earlier versions. Processing maliciously crafted web content may lead to arbitrary code execution in the browser process.

How to remove Google from your life

Google and all its products can dominate the average person's life. Here's an in-depth guide on how to remove yourself from their ecosystem. The post How to remove Google from your life appeared first on Malwarebytes Labs.

A special browser designed for online banking. Good idea, or not so much?

A specialized banking browser was introduced by a major German bank. While that sounds like a good idea, it looks like they are overestimating what it can do. The post A special browser designed for online banking. Good idea, or not so much? appeared first on Malwarebytes Labs.

Google, Apple, and Microsoft step hand in hand into a passwordless future

Three tech giants used World Password Day to announce their commitment to a passwordless future using FIDO Alliance standards. The post Google, Apple, and Microsoft step hand in hand into a passwordless future appeared first on Malwarebytes Labs.

CVE-2022-30334: [hackerone] Strip referrer and origin in cross-origin requests from a `.onion` origin · Issue #18071 · brave/brave-browser

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."

CVE-2022-30334: [hackerone] Strip referrer and origin in cross-origin requests from a `.onion` origin · Issue #18071 · brave/brave-browser

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."

Threat Roundup for April 29 to May 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 29 and May 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft, Apple, and Google Promise to Expand Passwordless Features

The passwordless future just became closer to reality, as Microsoft, Apple, and Google pledge to make the standard possible across operating systems and browsers.

CVE-2022-28581: IOT_vuln/TOTOLink/A7100RU/9 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.