#chrome

CVE-2022-3304: Chromium: CVE-2022-3304 Use after free in CSS

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #microsoft #chrome #Microsoft Edge (Chromium-based)#Security Vulnerability

CVE-2022-42004: Add check in `BeanDeserializer._deserializeFromArray()` to prevent use of deeply nested arrays · Issue #3582 · FasterXML/jackson-databind

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

2 years ago

CVE

Open in Source

#google #js #git #intel #chrome

Chinese Hackers Hiding Malware in Windows Logo

By Waqas Going by the name of Witchetty; the hacker group is targeting countries in Africa and the Middle East. This is a post from HackRead.com Read the original post: Chinese Hackers Hiding Malware in Windows Logo

2 years ago

HackRead

Open in Source

#vulnerability #web #mac #windows #google #microsoft #git #backdoor #botnet #chrome

GuppY CMS 6.00.10 Shell Upload

GuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.

2 years ago

Packet Storm

Open in Source

#vulnerability #web #windows #apple #linux #php #rce #auth #chrome #webkit #ssl

Microsoft Exchange Server Has a Zero-Day Problem

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

2 years ago

Wired

Open in Source

#vulnerability #web #ios #apple #microsoft #intel #backdoor #rce #ssrf #auth #zero_day #chrome

CVE-2022-40277: GitHub - laurent22/joplin: Joplin - an open source note taking and to-do application with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

2 years ago

CVE

Open in Source

#sql #web #ios #android #mac #windows #google #microsoft #amazon #linux #cisco #apache #nodejs #js #git #php #perl #nginx #pdf #aws #auth #chrome #firefox #ssl

Gentoo Linux Security Advisory 202209-23

Gentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.

2 years ago

Packet Storm

Open in Source

#vulnerability #web #mac #google #microsoft #linux #rce #chrome

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

2 years ago

DARKReading

Open in Source

#web #google #wordpress #php #backdoor #pdf #chrome #firefox

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

2 years ago

Wired

Open in Source