Two Chrome updates in two days fix critical vulnerabilities


Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.

On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.

Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.

The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.

Read more…
Source:  MalawareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

    August 16, 2022

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are publishing this joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform. CVEs currently being exploited against ZCS include: CVE-2022-24682 CVE-2022-27924 CVE-2022-27925 ...

  • Over 9,000 VNC servers exposed online without a password

    August 14, 2022

    Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. VNC (virtual network computing) is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via RFB ...

  • Potential hack for some Boeing planes fixed

    August 12, 2022

    A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday. Older versions of a digital tool used to calculate landing and take-off speeds on some aircraft could be tampered ...

  • Palo Alto Networks Releases Security Update for PAN-OS

    August 10, 2022

    Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service. CISA encourages users and administrators to review the Palo Alto Networks Security Advisory CVE-2022-0028 and apply the necessary updates or workarounds. Read more… Source: U.S. Cybersecurity and Infrastructure Security ...

  • Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws

    August 9, 2022

    Today is Microsoft’s August 2022 Patch Tuesday, and with it comes fixes for the actively exploited ‘DogWalk’ zero-day vulnerability and a total of 121 flaws. Seventeen of the 121 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution or elevation of privileges. Read more… Source: Bleeping Computer  

  • APIC fail: Intel ‘Sunny Cove’ chips with SGX spill secrets

    August 9, 2022

    A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys. They call it ÆPIC Leak because it affects the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC), which helps the CPU handle interrupt requests from various ...