#chrome

Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.

In some specific instances, the SurrealQL parser will attempt to recursively parse nested statements or idioms (i.e. nested `IF` and `RELATE` statements, nested basic idioms and nested access to attributes) without checking if the depth limit established by default or in the `SURREAL_MAX_COMPUTATION_DEPTH` environment variable is exceeded. This can lead to the stack overflowing when the nesting surpasses certain levels of depth. ### Impact An attacker that is authorized to run queries on a SurrealDB server may be able to run a query using the affected statements and idioms with very deep nesting in order to crash the server, leading to denial of service. ### Patches - Version 1.1.0 and later are not affected by this issue. ### Workarounds Concerned users unable to update may want to limit the ability of untrusted users to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB administrators may also want to e...

By Deeba Ahmed 9Hits, Double Hit: Malware Mimics Web Tool to Mine Crypto, Generate Fake Website Traffic. This is a post from HackRead.com Read the original post: Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners

Google has issued a security update for the Chrome browser that includes a patch for one zero-day vulnerability.

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

By Waqas Is Google Incognito mode really private? Well, the answer is no. Why? Let's take a closer look... This is a post from HackRead.com Read the original post: Google Incognito Mode: New Disclaimer Reveals Data Tracking

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values,

Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that makes it