Integer overflow in Skia in Google Chrome before 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |
||
fedoraproject fedora 37 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |
||
microsoft edge chromium |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Plus: 3 critical CVEs in Zyxel NAS devices
Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there. You're encouraged to thus grab the latest updates for the browser. This latest zero-day flaw, tracked as CVE-2023-6345, is a high-severity integer overflow vulnerability in Skia, a popular graphics library used by Chrome. To exploit this bug, an attacker would need to have already compromised the renderer process, at which point they may be able to perform a sandbo...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Two CVEs can be abused to steal sensitive info or execute code
Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack. The software updates for iOS, iPadOS, macOS Sonoma, and Safari web browser address two bugs: an out-of-bounds read flaw tracked as CVE-2023-42916, and a memory corruption vulnerability tracked as CVE-2023-42917. Both are in the WebKit web browser engine – the heart of Safari, as found on iThings and Macs – and can be abused to access sensitive information (CVE-2023-4291...