#google

### Impact pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. ### Patches The problem has been patched upstream in libwebp 1.3.2. pywebp was updated to bundle a patched version of libwebp in v0.3.0. ### Workarounds No known workarounds without upgrading. ### References - https://www.rezilion.com/blog/rezilion-researchers-uncover-new-details-on-severity-of-google-chrome-zero-day-vulnerability-cve-2023-4863/ - https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.

Categories: News Categories: Personal Amazon has announced it will require all privileged AWS to use MFA in the near future. Let's hope others follow. (Read more...) The post Multi-factor authentication has proven it works, so what are we waiting for? appeared first on Malwarebytes Labs.

Categories: News Categories: Scams A very convincing Amazon Prime scam landed in our mail server today and...went straight to spam. Here's why. (Read more...) The post Amazon Prime email scammer snatches defeat from the jaws of victory appeared first on Malwarebytes Labs.

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by secret scanning are active, thereby allowing for effective remediation measures. It was first

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Plus, Qakbot appears to be still active, despite efforts from the FBI and other international law enforcement agencies to disrupt the massive botnet.

There is a race condition in edgetpu_pin_user_pages which is reachable from some unprivileged contexts, including the Camera app, or the Google Meet app.

Ubuntu Security Notice 6417-1 - It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

Ubuntu Security Notice 6416-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.