SUSE CVE-2023-0696

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-25735

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 browser allows a hacker to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page from a remote location...

CVE-2023-25733

The return value from gfx::SourceSurfaceSkia::Map wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox 110...

CVE-2023-25746

Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 102.8 and Firefox ESR 102.8...

DEBIAN-CVE-2023-0696

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

UBUNTU-CVE-2023-0696

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Foxit Reader < 12.0.2 Multiple Vulnerabilities (Jan 2023)

Foxit Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:reader";...

Foxit PDF Editor < 11.2.4 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.4. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF...

CVE-2022-22749

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 96...

CVE-2022-46883

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird...

CVE-2022-46878

Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

Internet Explorer Zero-Day Vulnerability Exploited by APT 37

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary North Korean hackers identified as APT37 exploited a previously unknown Internet Explorer zero-day vulnerability to infect South Koreans, North Korean defectors, policymakers, journalists, and human righ...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type conversion errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released

On Friday, December 2, Google rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. The flaw could allow attackers to cause a system crash or execute potentially malicious code. That means you'll want to update Chrome to patch against this...

Minor update (6) for Vivaldi Desktop Browser 5.5

Download Vivaldi The following improvements were made since the fifth 5.5 minor update: Chromium Backported fix: Type Confusion in V8 CVE-2022-4262 Main photo byCamilo Jimenez...

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis...

DEBIAN-CVE-2022-4262

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Google addressed an array of bugs with Chrome 108

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chromes latest stable channel update for Windows, Mac, and Linux fixes several vulnerabilities. There are eight high-severity security flaws and 14 medium-severity flaws. The most significa...