Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s WebGPU standard.   Google Chrome is a cross-platform web browser — and Chromium is the open-source version of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
Open in Source
#vulnerability#web#google#cisco#java#chrome
CVE-2022-2396: CVE/POC.md at 83c243538386cd0761025f85eb747eab7cae5c21 · CyberThoth/CVE

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

CVE-2022-32308: Use unspoofable Messenger.origin to determine privilege level of ports · Issue #1992 · uBlockOrigin/uBlock-issues

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

CVE-2022-32274

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.

Large-Scale Phishing Campaign Bypasses MFA

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email compromise (BEC)

Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter