Two Chrome updates in two days fix critical vulnerabilities


Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.

On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.

Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.

The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.

Read more…
Source:  MalawareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

    October 13, 2022

    On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...

  • Fortinet warns admins to patch critical authentication bypass bug immediately

    October 7, 2022

    Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability. The security flaw (tracked as CVE-2022-40684) is an authentication bypass on the administrative interface that could allow remote threat actors to log into unpatched devices. “An authentication bypass using an alternate path or channel ...

  • CISA Releases Three Industrial Control Systems Advisories

    October 7, 2022

    CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-284-01 Altair HyperView Player ICSA-22-284-02 Daikin SVMPC1 and SVMPC2 ICSA-22-284-03 Sensormatic Electronics C-CURE 9000 Read more… Source: ...

  • Microsoft Exchange server zero-day mitigation can be bypassed

    October 3, 2022

    Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution. Both security flaws were reported ...

  • Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

    October 1, 2022

    Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. Microsoft also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance. Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, ...

  • Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

    September 30, 2022

    Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker. Currently, Microsoft is aware of ...