Security News
The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high severity use after free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.
The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high severity use after free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.
Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.
In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers. In other words, now matter how quickly you update against a zero-day once the patch is announced, you know that someone - and you have to hope that it wasn't you! - has already been attacked and pwned, even if they're accustomed to patching promptly themselves.
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild. To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.
Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. It is possible to install the update immediately simply by going into the Chrome menu > Help > About Google Chrome.
Google's Chrome is the dominant browser on Earth, which means it works with pretty much everything. Want the compatibility of Chrome with maximum integration into Windows and Microsoft 365? The new Microsoft Edge is built on the Chromium engine so it's as compatible as Chrome itself, but with that Microsoft spin.
A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. "Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern said.
A large-scale campaign involving over 800 compromised WordPress websites is spreading banking trojans that target the credentials of Brazilian e-banking users. Although the security firm notified the Brazilian CERT, the campaign is ongoing, with hundreds of websites still compromised with malicious scripts that push the malware.
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases as part of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called private network access.