Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2025-25000: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 135.0.3179.54 4/3/2025 135.0.7049.41/.42/.52

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#rce#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected

Vulnerability in most browsers abused in targeted attacks

A vulnerability has been found that can be exploited through every browser as long as its running on a Windows system

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

Money Laundering 101, and why Joe is worried

In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.

CVE-2025-2783: Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.93 3/26/2025 134.0.6998.177/.178

GHSA-785h-76cm-cpmf: Django TomSelect incomplete escaping of dangerous characters in widget attributes

### Summary User supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in browser as valid html tags. ### Details Attributes passed to the widget (such as `label_field`) containing `<`, `>`, and similar tokens are not fully escaped. This results in some raw values reaching the widget, and rendering in part or fully. For example, a label of: `"Test User <script>I can pass this to the label_field and it gets rendered</script>"` is rendered in the choices's label visually as `"Test User "` with the trailing space, and what appears as an un-executed script tag following it (which is visible when viewing source). The actual output rendered in the browser for this example is: `<div role="option" data-value="63f205b6" class="item" data-ts-item="">Test User <script>I can pass this to the label_field and it gets rendered</script></div>` The script tags appears to be valid in Chrome dev tool...

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a

How to Enter the US With Your Digital Privacy Intact

Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.