Two Chrome updates in two days fix critical vulnerabilities


Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.

On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.

Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.

The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.

Read more…
Source:  MalawareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Gregor Samsa: Exploiting Java’s XML Signature Verification

    November 2, 2022

    XML Signatures are a typical example of a security protocol invented in the early 2000’s. They suffer from high complexity, a large attack surface and a wealth of configurable features that can weaken or break its security guarantees in surprising ways. Modern usage of XML signatures is mostly restricted to somewhat obscure protocols and legacy ...

  • OpenSSL downgrades horror bug after week of panic, hype

    November 1, 2022

    OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week. After days of speculation, infosec professionals and armchair bug hunters received more of a trick than a treat on November 1: two CVE-tagged security issues, both rated “high” severity, to patch. One flaw was earlier rated “critical,” though it has ...

  • CISA Releases One Industrial Control Systems Advisory

    November 1, 2022

    CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) Read more… Source: U.S. Cybersecurity and Infrastructure ...

  • Actively exploited Windows MoTW zero-day gets unofficial patch

    October 30, 2022

    A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11. Last weekend, BleepingComputer reported that threat actors were using stand-alone JavaScript files to install the Magniber ransomware on victims’ devices. When a user downloads a file from ...

  • Attack Surface Management 2022 Midyear Review – Part 2

    October 27, 2022

    The cybersecurity landscape changed significantly in the first half of 2022. In our midyear roundup, Trend Micro researchers examine these changes and their effects on business operations as well as what you need to know about staying protected from online attacks. In part one of the series, Trend Micro researchers talked about the growing attack surface ...

  • CISA Adds Six Known Exploited Vulnerabilities to Catalog

    October 24, 2022

    CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...