Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.
On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.
Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.
Read more…
Source: MalawareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
July 26, 2023
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA ...
- CISA Releases Four Industrial Control Systems Advisories
July 25, 2023
CISA released four Industrial Control Systems (ICS) advisories on July 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-206-01 AXIS A1001 ICSA-23-206-02 Rockwell Automation ThinManager ThinServer Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Norway government ministries hit by cyber attack
July 24, 2023
Norwegian authorities reported a cyber attack of unknown origin against 12 government ministries on Monday. “We have uncovered a previously unknown vulnerability in the software of one of our suppliers,” said Erik Hope, director of the Norwegian ministries’ security and service organisation, in a press statement. “This vulnerability has been exploited by an unknown actor. We ...
- Ivanti Patches Endpoint Manager Mobile CVE-2023-35078 Remote Unauthenticated API Access Vulnerability
July 24, 2023
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make ...
- Atlassian security updates address three high severity vulnerabilities affecting multiple products
July 24, 2023
Atlassian has released the July 2023 Security Bulletin that addresses three high severity vulnerabilities in multiple products. CVE-2023-22505 and CVE-2023-22508 are Remote Code Execution (RCE) vulnerabilities affecting Confluence Server and Confluence Data Center. CVE-2023-22506 is an injection and RCE vulnerability affecting Bamboo Server and Bamboo Data Center. Read more… Source: NHS Digital
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
July 24, 2023
Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs

