#chrome

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Active eCommerce CMS version 6.3.0 suffers from a cross site scripting vulnerability.

Active eCommerce CMS version 6.3.0 suffers from an arbitrary file download vulnerability.

Categories: News Tags: Windows 11 Tags: Windows 10 Tags: phishing Tags: protection Tags: warning Tags: message Tags: Defender Smartscreen We take a look at a new set of security features for Windows 11, and see what Windows 10 can expect to miss out on. (Read more...) The post Windows 11 pulls ahead of Windows 10 in anti-phishing stakes appeared first on Malwarebytes Labs.

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]

Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.