LoughTec - IT · Cyber Security’s Post

Google has released a security update for Chrome to patch a new high-severity vulnerability (CVE-2024-4671) that is being actively exploited by threat actors. The zero-day flaw is a use-after-free issue in the Visuals component that could potentially allow attackers to execute malicious code on affected systems. What you need to do: Update your Chrome browser to the latest version (124.0.6367.201/.202) immediately to protect yourself from this threat. If you use Chromium-based browsers like Microsoft Edge, Brave, Opera or Vivaldi, keep an eye out for updates and install them promptly when available. Staying on top of software updates, especially for browsers which are often targeted, is crucial for maintaining a strong security posture. Don't delay - update Chrome now to mitigate this actively exploited zero-day vulnerability! https://lnkd.in/gr_V37N9 #ChromeZeroDay #GoogleUpdate #BrowserSecurity #Cybersecurity

🚫New Critical Google Chrome Security Warning As 0-Day Exploit Confirmed🚫 #Google has issued a new critical security update for Chrome users across multiple platforms as evidence of an exploit is confirmed. In a Chrome stable channel update announcement, published November 28, Google confirms it "is aware that an exploit for CVE-2023-6345 exists in the wild." Six Additional Vulnerabilities Fixed By Google 👉CVE-2023-6348 is a type confusion vulnerability in Spellcheck. 👉CVE-2023-6347 is a use after free vulnerability in Mojo. 👉CVE-2023-6346: is a use after free vulnerability in WebAudio9 👉CVE-2023-6350: is an out of bounds memory access vulnerability in libavif. 👉CVE-2023-6351: is a use after free vulnerability in libavif. Reference by Forbes : https://lnkd.in/d8ePDG-G #isms #vulnerability #chrome #cve

I would like to share an update regarding a recent zero-day vulnerability discovered by Google, known as CVE-2023-6345. This vulnerability is related to an integer overflow issue found in Skia, an open source 2D graphic library used in Chrome. Google has taken prompt action by releasing a security update to address this vulnerability, along with six other vulnerabilities in Chrome. While Google's advisory provides limited details about CVE-2023-6345, it is worth noting that an exploit for this vulnerability is publicly available. According to the National Vulnerability Database (NVD), this flaw affects versions of Chrome prior to 119.0.6045.199. It has the potential to allow a remote attacker, who has compromised the renderer process, to perform a sandbox escape through a malicious file. The NVD has classified this bug as a high-severity issue. It is important to acknowledge the efforts of Google's Threat Analysis Group, who discovered and reported CVE-2023-6345 on November 24. Their contribution in identifying and addressing this vulnerability is commendable. Read : https://lnkd.in/e_RAuE2P #vulnerabilities #zeroday #cybersecurity #google

Google has taken swift action to enhance the security of its Chrome browser by releasing a set of updates on Thursday. These updates specifically target a zero-day vulnerability that has been actively exploited in real-world scenarios. Identified as CVE-2024-4671, this vulnerability is classified as high-severity and is related to a use-after-free issue within the Visuals component of Chrome. The flaw was initially brought to Google's attention by an anonymous researcher on May 7, 2024. The use-after-free vulnerability is a serious concern as it allows attackers to manipulate memory that has already been freed, potentially leading to the execution of malicious code. By addressing this flaw promptly, Google aims to prevent any further exploitation and protect its users from potential security breaches. The company's commitment to security is evident through its proactive approach in promptly releasing these updates to mitigate the risk associated with the zero-day vulnerability. Google's response to this security issue demonstrates its dedication to maintaining a secure browsing experience for Chrome users. By collaborating with security researchers and promptly addressing vulnerabilities, Google ensures that its browser remains resilient against potential threats. This proactive approach not only safeguards users' personal information but also helps to maintain trust in the Chrome browser as a reliable and secure platform. https://lnkd.in/gKfnZaV7 #DataSecurity #cybersecurityawareness #infosec #cybersecurity #technology #CyberSec #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness #coding #softwaredeveloper #webdev #cybersecuritytips #pentesting #informationsecurity #bugbounty #cyberattack #cyberattacks #programmer #google

Ideally, if your organization uses Chrome browser, it does have organization managed settings, enforcing proper privacy settings, and, especially, security auto update settings as well. "Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability" ➡ By default, Chrome is supposed to auto update, but for compatibility validation purpose (custom plugins, specific addons), it's not always enabled. Yet, this requires closer overlook when a zero day update is released like today ! #cybersecurity #chrome #google https://lnkd.in/gKfnZaV7

Google has released a new security update for Google Chrome on Monday. The objective is clear: fixing the 4th zero-day security flaw of the year 2023 in the browser, a vulnerability, which was classified as critical and we chose as this week's #CVEofTheWeek. CVE-2023-4863 pertains to a heap buffer overflow in the WebP image format, that provides superior lossless and lossy compression for images on the web. Using WebP, webmasters and web developers can create smaller, richer images that make the web faster. Google Chrome and Mozilla Firefox, among other browsers, use WebP for its efficient image compression capabilities. A malicious exploitation of this flaw could potentially jeopardize the security of millions of internet users. The root of the issue lies within the "BuildHuffmanTable" function, used to verify if the data is accurate. The vulnerability can occur when more memory is allocated if the table isn't sufficiently large for valid data, the system can end up trying to write data outside of the allocated memory for the table. In computer security, this is known as an Out-of-Bounds (OOB) write, and it can lead to unpredictable behavior, crashes, or worse, potential malicious exploitation. For more technical details, please visit the blog post below about the findings: https://lnkd.in/eCEf92iy Google has not disclosed any details about the attacks that are exploiting this vulnerability, but it is likely that they are being used in targeted attacks to gain access to sensitive information or to install malware. They just confirmed: "An exploit for CVE-2023-4863 exists in the wild." Users are recommended to upgrade to Chrome version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available. #whitehatitsec #informationsecurity

Time to update your #Google #Chrome #Browser. For home users: 3-dot menu (top right) -> Help -> About Google Chrome. The update will automatically download and you then restart Chrome. Enterprise admins, by now you know what to do! 😎 #cybersecurity https://lnkd.in/ew5ZDkX8

🚨 Critical Alert from ShieldTech 🚨 We've just posted an important update on a newly discovered Chrome zero-day vulnerability. Your immediate action is required. Read and act now to protect yourself #Cybersecurity #GoogleChrome #ZeroDay #ShieldTech

Google has released security updates for Chrome to address a zero-day flaw actively exploited by hackers. The vulnerability, tracked as CVE-2024-4671, is a high-severity use-after-free bug. Google confirmed the existence of an exploit in the wild but did not provide further details. This is the second zero-day vulnerability patched by Google this year. Users are advised to update Chrome to the latest version to mitigate risks. #soc #socanalyst #securityoperationscenter #cybersecurityanalyst #paloAlto #cybersecuritynews #malware #cyberattacks #micorsoft #vulnerability #securityawareness #Cisco #redteam #blueteam #applenews #googlecybersecurity #google  #apple #ios #osint #Android

🔒 [Zero-Day] Google’s Urgent Chrome Update 🔓 Google recently released critical security updates for Chrome, addressing multiple vulnerabilities.  They affect all Chromium-based web browsers, including a zero-day exploit. None of the vulnerabilities currently have an available CVSS score. 🔎We highly recommend promptly updating Chrome.  🔗Please see more details in the news article on our website: https://lnkd.in/g3Hh2PZ2 #CubicLighthouse #InfoSec #ChromeUpdates