Use after free in WebAudio in Google Chrome before 78.0.3904.87 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
opensuse leap 15.1 |
Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploits and vulnerabilities used in this attack. In the original blog post we described the exploit loader responsible for initial validation of the targe...
Pair engineer malicious code from public source tweak before official binary releases If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities – and exploit code for one of them is already public, so get patching. In a release note on Monday, Krishna Govind, a test engineer at Google, said Chrome version 80.0.3987.122 addresses three flaws identified by various researchers. Each is rated high severity. One, reported by André Bargull, is an integer-overflow bug in International Components for Unicode (ICU), a set of libraries for C/C++ and...
Including Spanish camgirl sites spill info, domain registrars hacked
Roundup Let's check out some of the more recent security happenings beyond what we've already covered. Anyone running Chrome will want to update and restart their browser in order to make sure they have the latest build, as usual. Google has patched a bunch of flaws including a use-after-free() vulnerability (CVE-2019-13720) that was being actively exploited in the wild against victims. Make sure you're running version 78.0.3904.87 or higher for Windows, Mac, and Linux to be safe. More technical...
Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed there was a zero-day vulnerability and assigned it CVE-2019-13720. Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux and we recommend all ...