Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

WordPress Membership For WooCommerce Shell Upload

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.

Packet Storm
#vulnerability#web#android#windows#apple#google#linux#js#wordpress#php#auth#chrome#webkit#firefox
CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.

CVE-2024-29049: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-29981: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?** Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.

Why Cybersecurity Is a Whole-of-Society Issue

Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves.

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant's Chromium team said. "By binding authentication sessions to the

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

Campaign distributes malware disguised as legitimate installers for popular workplace collaboration apps by abusing a traffic-tracking feature.

Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement

Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the company misled users by tracking their internet browsing activity who thought that it remained private when using the "

The Incognito Mode Myth Has Fully Unraveled

To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.