Google released a security update for Chrome that fixes 18 vulnerabilities, including four rated Critical. There is no indication that any of these newly patched bugs are being actively exploited in the wild.
The stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux. The update will roll out over the coming days and weeks. Chrome for Android was also recently updated to 149.0.7827.197.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Atlassian Releases Security Update for Confluence Server and Data Center
August 17, 2023
Atlassian has released its security bulletin for August 2023 to address a vulnerability in Confluence Server and Data Center, CVE-2023-28709. A remote attacker can exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Atlassian’s August 2003 Security Bulletin and apply the necessary update. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe
August 17, 2023
Researchers have found an expansive and active threat campaign that exploited a severe Citrix NetScaler vulnerability to backdoor thousands of devices, including those that were subsequently patched. Attackers automated the exploitation of the remote code execution vulnerability, tracked as CVE-2023-3519, to place Web shells on vulnerable devices. These were found to persist through patches and reboots. Read ...
- New widespread IoT compromise could affect millions of logic controller chips
August 15, 2023
Microsoft security researcher Vladimir Tokarev demonstrated an interesting attack on the industrial internet of things automation software called Codesys. Tokarev, who showed the exploit last week at the annual BlackHat security conference in Las Vegas, used a miniature elevator model to demonstrate how the attack could crash its cab. The software – and more importantly, its ...
- Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
August 10, 2023
Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology (OT) infrastructure at risk ...
- CISA Releases Twelve Industrial Control Systems Advisories
August 10, 2023
CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICSA-23-222-02 Siemens Parasolid Installer ICSA-23-222-03 Siemens JT Open, JT Utilities, and Parasolid Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA Releases Five Industrial Control Systems Advisories
August 3, 2023
CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-215-01 Mitsubishi Electric GOT2000 and GOT SIMPLE ICSA-23-215-02 Mitsubishi Electric GT and GOT Series Products Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency