⛔ GOOGLE CHROME BROWSER ⛔ Urgent Security update required ! Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024. Type confusion vulnerabilities occur when a program attempts to access a resource with an incompatible type. It can have serious consequences as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the fourth zero-day that Google has patched since the start of the month after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947. #Google #Chrome #GoogleChrome #WeAreLoughTec #CyberSecurity Link to Article below ⬇ https://lnkd.in/gGbRxwWG
LoughTec - IT · Cyber Security’s Post
More Relevant Posts
-
Google has released a security update for Chrome to patch a new high-severity vulnerability (CVE-2024-4671) that is being actively exploited by threat actors. The zero-day flaw is a use-after-free issue in the Visuals component that could potentially allow attackers to execute malicious code on affected systems. What you need to do: Update your Chrome browser to the latest version (124.0.6367.201/.202) immediately to protect yourself from this threat. If you use Chromium-based browsers like Microsoft Edge, Brave, Opera or Vivaldi, keep an eye out for updates and install them promptly when available. Staying on top of software updates, especially for browsers which are often targeted, is crucial for maintaining a strong security posture. Don't delay - update Chrome now to mitigate this actively exploited zero-day vulnerability! https://lnkd.in/gr_V37N9 #ChromeZeroDay #GoogleUpdate #BrowserSecurity #Cybersecurity
To view or add a comment, sign in
-
Security is everyone's responsibility | LA ISO27001 | CIA | CISSP | NIST | ITIL | CEH | NSE | CIS | CCNP
🚫New Critical Google Chrome Security Warning As 0-Day Exploit Confirmed🚫 #Google has issued a new critical security update for Chrome users across multiple platforms as evidence of an exploit is confirmed. In a Chrome stable channel update announcement, published November 28, Google confirms it "is aware that an exploit for CVE-2023-6345 exists in the wild." Six Additional Vulnerabilities Fixed By Google 👉CVE-2023-6348 is a type confusion vulnerability in Spellcheck. 👉CVE-2023-6347 is a use after free vulnerability in Mojo. 👉CVE-2023-6346: is a use after free vulnerability in WebAudio9 👉CVE-2023-6350: is an out of bounds memory access vulnerability in libavif. 👉CVE-2023-6351: is a use after free vulnerability in libavif. Reference by Forbes : https://lnkd.in/d8ePDG-G #isms #vulnerability #chrome #cve
To view or add a comment, sign in
-
Fortinet - NSE 1 | NSE 2 | Splunk - Core User | Power User | Arcon - Associate| Admin | PAM Administrator | Tenable | CompTIA N+ | Security +
I would like to share an update regarding a recent zero-day vulnerability discovered by Google, known as CVE-2023-6345. This vulnerability is related to an integer overflow issue found in Skia, an open source 2D graphic library used in Chrome. Google has taken prompt action by releasing a security update to address this vulnerability, along with six other vulnerabilities in Chrome. While Google's advisory provides limited details about CVE-2023-6345, it is worth noting that an exploit for this vulnerability is publicly available. According to the National Vulnerability Database (NVD), this flaw affects versions of Chrome prior to 119.0.6045.199. It has the potential to allow a remote attacker, who has compromised the renderer process, to perform a sandbox escape through a malicious file. The NVD has classified this bug as a high-severity issue. It is important to acknowledge the efforts of Google's Threat Analysis Group, who discovered and reported CVE-2023-6345 on November 24. Their contribution in identifying and addressing this vulnerability is commendable. Read : https://lnkd.in/e_RAuE2P #vulnerabilities #zeroday #cybersecurity #google
Google Patches Another Chrome Zero-Day as Browser Attacks Mount
darkreading.com
To view or add a comment, sign in
-
Google has taken swift action to enhance the security of its Chrome browser by releasing a set of updates on Thursday. These updates specifically target a zero-day vulnerability that has been actively exploited in real-world scenarios. Identified as CVE-2024-4671, this vulnerability is classified as high-severity and is related to a use-after-free issue within the Visuals component of Chrome. The flaw was initially brought to Google's attention by an anonymous researcher on May 7, 2024. The use-after-free vulnerability is a serious concern as it allows attackers to manipulate memory that has already been freed, potentially leading to the execution of malicious code. By addressing this flaw promptly, Google aims to prevent any further exploitation and protect its users from potential security breaches. The company's commitment to security is evident through its proactive approach in promptly releasing these updates to mitigate the risk associated with the zero-day vulnerability. Google's response to this security issue demonstrates its dedication to maintaining a secure browsing experience for Chrome users. By collaborating with security researchers and promptly addressing vulnerabilities, Google ensures that its browser remains resilient against potential threats. This proactive approach not only safeguards users' personal information but also helps to maintain trust in the Chrome browser as a reliable and secure platform. https://lnkd.in/gKfnZaV7 #DataSecurity #cybersecurityawareness #infosec #cybersecurity #technology #CyberSec #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness #coding #softwaredeveloper #webdev #cybersecuritytips #pentesting #informationsecurity #bugbounty #cyberattack #cyberattacks #programmer #google
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
thehackernews.com
To view or add a comment, sign in
-
Ideally, if your organization uses Chrome browser, it does have organization managed settings, enforcing proper privacy settings, and, especially, security auto update settings as well. "Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability" ➡ By default, Chrome is supposed to auto update, but for compatibility validation purpose (custom plugins, specific addons), it's not always enabled. Yet, this requires closer overlook when a zero day update is released like today ! #cybersecurity #chrome #google https://lnkd.in/gKfnZaV7
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
thehackernews.com
To view or add a comment, sign in
-
Google has released a new security update for Google Chrome on Monday. The objective is clear: fixing the 4th zero-day security flaw of the year 2023 in the browser, a vulnerability, which was classified as critical and we chose as this week's #CVEofTheWeek. CVE-2023-4863 pertains to a heap buffer overflow in the WebP image format, that provides superior lossless and lossy compression for images on the web. Using WebP, webmasters and web developers can create smaller, richer images that make the web faster. Google Chrome and Mozilla Firefox, among other browsers, use WebP for its efficient image compression capabilities. A malicious exploitation of this flaw could potentially jeopardize the security of millions of internet users. The root of the issue lies within the "BuildHuffmanTable" function, used to verify if the data is accurate. The vulnerability can occur when more memory is allocated if the table isn't sufficiently large for valid data, the system can end up trying to write data outside of the allocated memory for the table. In computer security, this is known as an Out-of-Bounds (OOB) write, and it can lead to unpredictable behavior, crashes, or worse, potential malicious exploitation. For more technical details, please visit the blog post below about the findings: https://lnkd.in/eCEf92iy Google has not disclosed any details about the attacks that are exploiting this vulnerability, but it is likely that they are being used in targeted attacks to gain access to sensitive information or to install malware. They just confirmed: "An exploit for CVE-2023-4863 exists in the wild." Users are recommended to upgrade to Chrome version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available. #whitehatitsec #informationsecurity
To view or add a comment, sign in
-
Time to update your #Google #Chrome #Browser. For home users: 3-dot menu (top right) -> Help -> About Google Chrome. The update will automatically download and you then restart Chrome. Enterprise admins, by now you know what to do! 😎 #cybersecurity https://lnkd.in/ew5ZDkX8
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
thehackernews.com
To view or add a comment, sign in
-
🚨 Critical Alert from ShieldTech 🚨 We've just posted an important update on a newly discovered Chrome zero-day vulnerability. Your immediate action is required. Read and act now to protect yourself #Cybersecurity #GoogleChrome #ZeroDay #ShieldTech
🚨 Urgent: Update Chrome Now 🚨 Google has just patched a critical zero-day vulnerability in Chrome, CVE-2023-5217. The flaw allows for potential code execution and is already being exploited. Read more here: https://lnkd.in/dKYgJZX3 🛡 Action Steps Update to Chrome version 117.0.5938.132 Users of Chromium-based browsers like like Microsoft Edge, Brave, Opera, or Vivaldi should also update as fixes become available. Don't delay; your security could be at risk. #Cybersecurity #GoogleChrome #ZeroDay #CVE20235217
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
thehackernews.com
To view or add a comment, sign in
-
Cyber Security Analyst | Security + | Splunk ES | IBM QRadar | CrowdStrike | SentinelOne | Proofpoint | Armis Cyber Defense Core |
Google has released security updates for Chrome to address a zero-day flaw actively exploited by hackers. The vulnerability, tracked as CVE-2024-4671, is a high-severity use-after-free bug. Google confirmed the existence of an exploit in the wild but did not provide further details. This is the second zero-day vulnerability patched by Google this year. Users are advised to update Chrome to the latest version to mitigate risks. #soc #socanalyst #securityoperationscenter #cybersecurityanalyst #paloAlto #cybersecuritynews #malware #cyberattacks #micorsoft #vulnerability #securityawareness #Cisco #redteam #blueteam #applenews #googlecybersecurity #google #apple #ios #osint #Android
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
thehackernews.com
To view or add a comment, sign in
-
🔒 [Zero-Day] Google’s Urgent Chrome Update 🔓 Google recently released critical security updates for Chrome, addressing multiple vulnerabilities. They affect all Chromium-based web browsers, including a zero-day exploit. None of the vulnerabilities currently have an available CVSS score. 🔎We highly recommend promptly updating Chrome. 🔗Please see more details in the news article on our website: https://lnkd.in/g3Hh2PZ2 #CubicLighthouse #InfoSec #ChromeUpdates
To view or add a comment, sign in
3,186 followers