Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-41706: GitHub - spatie/browsershot: Convert HTML to an image, PDF or string

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

CVE
Open in Source
#web#google#js#git#java#pdf#chrome
Chrome blink::LocalFrameView::PerformLayout Use-After-Free

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

ConnectWise closes XSS vector for remote hijack scams

Researchers also applaud abandonment of customization feature abused by scammers

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

GHSA-995f-9x5r-2rcj: Heap buffer overflow in GPU

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2022-4135: Stable Channel Update for Desktop

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

How to Avoid Black Friday Scams Online

'Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure.

CVE-2022-4089: Reflective XSS vulnerability in Stock Management System · Issue #3 · rickxy/Stock-Management-System

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324.

CVE-2022-41932: Brute Force Attack - XWikiLogin is executing create table statements on PostgreSQL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.