Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Password-stealing Chrome extension smuggled on to Web Store

Chrome browser extensions can steal passwords from the text input fields in websites, despite Chrome's latest security and privacy standard, Manifest V3. (Read more...) The post Password-stealing Chrome extension smuggled on to Web Store appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#vulnerability#web#google#microsoft#amazon#java#chrome#firefox
How to Use Proton Sentinel to Keep Your Accounts Safe

If you want the highest possible level of protection, this is it.

Debian Security Advisory 5487-1

Debian Linux Security Advisory 5487-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

2 Polish Men Arrested for Radio Hack That Disrupted Trains

Plus: A major FBI botnet takedown, new Sandworm malware, a cyberattack on two major scientific telescopes—and more.

CVE-2023-40970: [Security Bugs] SQL Injection at loan_rules.php · Issue #205 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.

CVE-2023-40969: [Security Bugs] Server Side Request Forgery at pop_p2p.php · Issue #204 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.

CVE-2023-39354: Out-Of-Bounds Read in nsc_rle_decompress_data

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-4572: Chromium: CVE-2023-4572 Use after free in MediaStream

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

PHP JABBERS PHP Review Script 1.0 Cross Site Scripting

PHP JABBERS PHP Review Script version 1.0 suffers from a cross site scripting vulnerability.