Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.
On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.
Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.
Read more…
Source: MalawareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Attackers exploiting a patched FortiClient EMS vulnerability in the wild
December 19, 2024
During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of SQL command input making the system susceptible to an SQL injection. It specifically ...
- U.S. Considers Ban On Chinese Made TP-Link Routers
December 18, 2024
The United States government is taking aim at TP-Link, a Chinese technology company that dominates the home and small-business router market in the U.S., amid mounting national security concerns. With TP-Link holding a significant 65% market share, federal authorities are investigating potential vulnerabilities in the company’s devices that could be exploited by foreign entities for cyberattacks. Read ...
- BeyondTrust security advisory addresses a vulnerability in the Remote Support and Privileged Remote Access systems
December 17, 2024
BeyondTrust has released a security advisory that addresses a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2024-12356 has a CVSSv3 score of 9.8 and if exploited could ...
- Link Trap: GenAI Prompt Injection Attack
December 17, 2024
With the rise of generative AI, new security vulnerabilities are emerging. One such vulnerability is prompt injection, a method that malicious actors can exploit to manipulate AI systems. Typically, the impact of prompt injection attacks is closely tied to the permissions granted to the AI. However, the attack discussed in this article differs from commonly known ...
- Proof-of-Concept Released for Critical Apache Struts Vulnerability
December 17, 2024
Apache has released a security bulletin addressing a critical vulnerability in Apache Struts 2. Apache Struts is an open-source model-view-controller (MVC) framework for creating Java web applications. CVE-2024-53677 is a ‘Unrestricted Upload of File with Dangerous Type’ vulnerability and has a CVSSv4 score of 9.5. This vulnerability exists in the File Upload Interceptor, which allows developers ...
- HiatusRAT Actors Targeting Web Cameras and DVRs
December 16, 2024
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification (PIN) to highlight HiatusRAT1 scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the table below to reduce the likelihood and impact of these attack campaigns. Threat HiatusRAT is a ...

