Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Chrome 121 Javascript Fork Malloc Bomb

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.

Packet Storm
#vulnerability#web#android#mac#linux#git#java#php#chrome#firefox
PHPJ Callback Widget 1.0 Cross Site Scripting

PHPJ Callback Widget version 1.0 suffers from a persistent cross site scripting vulnerability.

Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats

By Uzair Amir While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence. This is a post from HackRead.com Read the original post: Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats

10 things to do to improve your online privacy

It's Data Privacy Week so here are 10 tips from our VP of Consumer Privacy, Oren Arar, about how to stay private online.

CVE-2024-21336: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Debian Security Advisory 5607-1

Debian Linux Security Advisory 5607-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

CVE-2024-21326: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.

CVE-2024-21385: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

CVE-2024-0814: Chromium: CVE-2024-0814 Incorrect security UI in Payments

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2024-21383: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.