Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-34596: IOT_Vul/readme_en.md at main · zhefox/IOT_Vul

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

CVE
Open in Source
#vulnerability#web#mac#apple#google#intel#chrome#webkit#wifi
CVE-2022-2295: Chromium: CVE-2022-2295 Heap buffer overflow in WebRTC

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2022-2294: Chromium: CVE-2022-2294 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.49 7/6/2022 103.0.5060.114 Extended Stable: 102.0.1245.56 7/6/2022 102.0.5005.148

IconBurst software supply chain attack offers malicious versions of NPM packages

Researchers have uncovered a supply chain attack that tricked app and website developers into using copies of popular npm packages that contained malicious code to steal form data. The post IconBurst software supply chain attack offers malicious versions of NPM packages appeared first on Malwarebytes Labs.

Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk

As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

Google Chrome WebRTC Zero-Day Faces Active Exploitation

The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

Update now! Chrome patches ANOTHER zero-day vulnerability

Google has patched a vulnerability in Chrome which was being exploited in the wild. Make sure you're using the latest version. The post Update now! Chrome patches ANOTHER zero-day vulnerability appeared first on Malwarebytes Labs.

Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native

Gun Database Breach Leaks Details on Thousands of Owners

Plus: Indian hacker-for-hire groups, Chinese student espionage efforts, and more.