Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-2156: Chromium: CVE-2022-2156 Use after free in Base

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2022-33638: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-30192: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft 365 Users in US Face Raging Spate of Attacks

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.

Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign

Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.

Brave Now Lets You Customize Search Results—for Better or Worse

The privacy-focused company's new Goggles tool allows users to weed out the noise—whatever that might mean.

Evolving Beyond the Password: Vanquishing the Password

Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)

The Risk of Multichannel Phishing Is on the Horizon

The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.

GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar

We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.

80% of Firms Suffered Identity-Related Breaches in Last 12 Months

With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.