Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Seven Industrial Control Systems Advisories
July 18, 2023
CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02 Keysight N6845A Geolocation Server ICSA-23-199-03 Iagona ScrutisWeb Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- DDoS threat report for 2023 Q2
July 18, 2023
The second quarter of 2023 was characterized by thought-out, tailored and persistent waves of DDoS attack campaigns on various fronts, including: Multiple DDoS offensives orchestrated by pro-Russian hacktivist groups REvil, Killnet and Anonymous Sudan against Western interest websites. An increase in deliberately engineered and targeted DNS attacks alongside a 532% surge in DDoS attacks exploiting the Mitel ...
- US energy department, other agencies hit in global hacking spree
July 16, 2023
The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday. Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Adobe InDesign
July 13, 2023
This past March, Fortinet researcher Yonghui Han discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. And on Patch Tuesday, July 11, 2023, Adobe released their security patches to fix them. The vulnerabilities are identified as CVE-2023-29308, CVE-2023-29309, CVE-2023-29310, CVE-2023-29311, CVE-2023-29312, CVE-2023-29313, CVE-2023-29314, CVE-2023-29315, CVE-2023-29316, CVE-2023-29317, CVE-2023-29318, and CVE-2023-29319. All of these vulnerabilities have been ...
- Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
July 13, 2023
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. Seven vulnerabilities affect Apple macOS only Two vulnerabilities affect VMWare vCenter. Three vulnerabilities affect both. Read more… Source: Cisco Talos
- CISA Releases Nine Industrial Control Systems Advisories
July 13, 2023
CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03 Siemens SIMATIC CN 4100 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency