Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.
On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.
Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.
Read more…
Source: MalawareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
May 17, 2022
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are software for NVIDIA Graphics GPU cards that are installed on PCs. The D3D10 driver communicates between the operating system and the GPU. It’s ...
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
May 16, 2022
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the ...
- Apache Releases Security Advisory for Tomcat
May 16, 2022
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Apple emergency update fixes zero-day used to hack Macs, Watches
May 16, 2022
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn’t yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives ...
- Microsoft closes Windows LSA hole under active attack
May 11, 2022
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That’s seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code. After April’s astonishing 100-plus ...
- Exploits created for critical F5 BIG-IP flaw – install patch immediately
May 8, 2022
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote ...

