Heap buffer overflow in libwebp in Google Chrome before 116.0.5845.187 and libwebp 1.3.2 allowed a remote malicious user to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
fedoraproject fedora 37 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |
||
mozilla firefox |
||
mozilla thunderbird |
||
mozilla firefox esr |
||
microsoft edge |
||
webmproject libwebp |
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Chrome’s second zero-day of the month puts fed security at 'significant risk'
The US's Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-5217, received a patch from Google last week and was assigned a severity rating of 8.8 on the CVSS v3 scale. With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a "significant risk to the federal enterprise,...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Exploit observed in the wild as Mountain View pushes out updates
Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild. The search giant has followed Apple in hurriedly issuing an update in response to research from The Citizen Lab at The University of Toronto's Munk School. It also credited the Apple Security Engineering and Architecture (SEAR) team for the report. The critical vulnerability, CVE-2023-4863, is related to a heap buffer overflow in WebP. WebP, according to Google, "is a modern ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Happy Halloween! Security bugs under attack squashed, more flaws fixed Farewell WordPad, we hardly knew ye
Patch Tuesday Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild. That last one – tracked as CVE-2023-44487 aka Rapid Reset – is an HTTP/2 protocol vulnerability that has been abused since August to launch massive distributed denial of service (DDoS) attacks. Microsoft, Amazon, Google, and Cloudflare all released miti...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Crooks know where the big bucks are
Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. In a report published today, Google's Threat Analysis Group (TAG) and Mandiant said they tracked 97 total zero-day vulnerabilities found and exploited by miscreants in 2023, which is considerably more than the year prior, with 62 vulnerabilities. Enterprise-specific technology zero-days, however, increased by 64 percent in 2023 compared to 2...