Two Chrome updates in two days fix critical vulnerabilities


Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore.

On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one.

Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which can sometimes allow attackers to run malicious code. Google has not reported any of these vulnerabilities as being actively exploited.

The Stable channel has been updated to 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux. The updates will roll out over the coming days and weeks.

Read more…
Source:  MalawareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • How Outlook notification sounds can lead to zero-click exploits

    December 21, 2023

    An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings. The first ...

  • Sneaky GPU.zip technique steals sensitive information from your graphics card

    December 21, 2023

    Researchers from four top American universities have uncovered a new way for threat actors to sneakily access visual information from your graphics card while you’re online and browsing certain websites. The researchers call this threat “GPU.zip,” because it takes advantage of the hidden data compression methods used by modern graphics processing units (GPUs) to leak visual ...

  • Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

    December 19, 2023

    First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions of Microsoft Office. The CVE-2017-11882 vulnerability is ...

  • A Log4Shell Retrospective – Overblown and Exaggerated

    December 18, 2023

    Two years ago, CVE-2021-44228 sent the security industry into a panic. The vulnerability, better known as Log4Shell, had security professionals working overtime through the holidays hunting down vulnerable log4j libraries. At the time, there was fear and confusion around what software was affected, which were exploitable, and where attackers would attack next. The reality was that ...

  • Coverage Advisory for CVE-2023-50164: Apache Struts Path Traversal and File Upload Vulnerability

    December 18, 2023

    CVE-2023-50164 is a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers. After successful exploitation, an attacker can achieve Remote Code Execution (RCE) on the target server. An attacker exploiting such a vulnerability can access, upload, or modify important files, steal sensitive information, disrupt critical services, or move laterally on ...

  • Critical RCE vulnerability discovered in Perforce Helix Core Server

    December 15, 2023

    Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning government, military, technology, retail, and more. Perforce Server customers are strongly urged to update to version ...