Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#rce#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-36266: Keeper Security - Dumping Cleartext Passwords

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout.

CVE-2023-37627: PoC for CVE-2023-37627

Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.

Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 130 vulnerabilities, nine are rated Critical and 121 are rated Important in severity. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser towards the end of

Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts

Categories: Threat Intelligence Tags: Meta Tags: Facebook Tags: malware Tags: ads manager Tags: chrome Tags: extension A group of criminals is actively targeting Facebook business users to gain access to their advertising accounts via malicious Chrome extensions. But we spotted that they made a mistake... (Read more...) The post Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts appeared first on Malwarebytes Labs.

Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic.

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared