Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.
On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.
Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.
Read more…
Source: MalawareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- High-Severity Intel Processor Bug Exposes Encryption Keys
November 15, 2021
A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. That’s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be. The high-severity privilege-escalation issue is ...
- Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day
November 12, 2021
There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto Networks’ GlobalProtect VPN. The zero-day — which has a severity rating of 9.8 and was first reported by ZDNet — allows for unauthenticated, remote code execution ...
- Mac Zero Day Targets Apple Devices in Hong Kong
November 12, 2021
Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. This isn’t a finely targeted campaign, but it’s a sophisticated one. The ...
- AMD reveals an EPYC 50 flaws – 23 of them rated High severity.
November 12, 2021
Microsoft may have given us a mere 55 CVEs to worry about on November’s Patch Tuesday, but AMD and Intel have topped that number with fixes for their products. AMD alone dropped 50 new CVEs on Thursday, 23 of them rated of “High” concern, meaning they’re rated at between 7.0 and 8.9 on the Common Vulnerability ...
- Magniber ransomware gang now exploits Internet Explorer flaws in attacks
November 11, 2021
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. The two Internet Explorer vulnerabilities are tracked as CVE-2021-26411 and CVE-2021-40444, with both having a CVSS v3 severity score of 8.8. The first one, CVE-2021-26411, was fixed in March 2021 and is a memory corruption flaw ...
- Massive Zero-Day Hole Found in Palo Alto Security Appliances
November 10, 2021
UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls. Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving 10,000 vulnerable ...

