19 matches found
Vulnerabilities fixed in Google Chrome and Microsoft Edge
Google has fixed vulnerabilities in Google Chrome versions before 137.0.7151.68. The vulnerabilities are in Google Chrome's V8 engine and Blink. The first vulnerability involves out of bounds read and write problems that can lead to heap corruption. This can be exploited by a malicious party by...
MGASA-2025-0091 Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2025-1914: Out of bounds read in V8. Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Medium CVE-2025-1916: Use after free in Profiles. Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Medium CVE-2025-1918: Out of bounds read...
New FrigidStealer Malware Infects macOS via Fake Browser Updates
Fake browser update scams now target Mac, Windows, and Android users, delivering malware like FrigidStealer, Lumma Stealer, and…...
MGASA-2024-0254 Updated chromium-browser-stable packages fix security vulnerabilities
Use after free in Dawn. CVE-2024-6290, CVE-2024-6292, CVE-2024-6293 Use after free in Swiftshader. CVE-2024-6291...
BadSpace Backdoor Infiltrates via Fake Browser Updates
...
Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor
Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control C2 server, in some cases a fake browser...
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
Fake web browser updates are being used to deliver remote access trojans RATs and information stealer malware such as BitRAT and Lumma Stealer aka LummaC2. "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...
New 'Brokewell' Android Malware Spread Through Fake Browser Updates
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis...
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...
Atomic Stealer distributed to Mac users via fake browser updates
Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious ads were tricking victims into downloading this piece of malware under the disguise of a popular application. In an interesting new development, AMOS is now being delivered to Mac...
Xenomorph hunts cryptocurrency logins on Android
Cryptocurrency owners should take heed of warnings related to Xenomorph malware--Bleeping Computer reports that the most recent version of Xenomorph now targets various cryptocurrency wallets using fake browser update messaging as bait. Xenomorph is roughly a year old, first springing to prominen...
Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT
Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT By Jonell Baltazar · August 10, 2023 This blog was also written by Antonio Ribeiro Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool...
Command injection
The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...
CVE-2019-6216
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution...
MGASA-2017-0317 Chromium-browser 60.0.3112.101 fixes security issues
Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060,...
Report Companies Still Not Patching Security Vulnerabilities
The Cisco 2015 Annual Security Report is out and the findings are troubling as always: for every positive finding in the report, it seems, there is a negative finding, neutralizing any gains in the network security struggle. Chief information security officers say their security postures are stro...
MGASA-2014-0413 Updated chromium-browser-stable packages fix security vulnerabilites
Updated chromium-browser-stable packages fix security vulnerabilities: Several security issues and other bugs have been fixed since our previous update. See the upstream release announcements for details. Note that as of version 35, the Chromium browser no longer supports browser plugins, includi...
Phony Browser Updates Redirect Victims to Malware Sites, Scareware
Hackers are using malicious ads promising browser updates to drop malware on users’ machines. Using a mix of social engineering and a variation on scareware, attackers have been taking advantage of recent legitimate Firefox and Chrome updates to infect hundreds of machines in Europe and the Unite...
Fraudulent SSL Certificates
US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozil...