553 matches found
CVE-2023-21776

creationtimestamp | type | source
---|---|---
2023-01-11 00:42:05+00:00 | seen | https://t.me/cibsecurity/56312
2024-04-18 16:45:00+00:00 | seen | https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html...

crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Impact: The crewjam/saml Go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches: This issue has been corrected in version 0.4.9. Credit: This issue was reported by Felix Wilhelm from Google Project Zero...
GHSA-J2JP-WVQG-WC2G crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Impact: The crewjam/saml Go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches: This issue has been corrected in version 0.4.9. Credit: This issue was reported by Felix Wilhelm from Google Project Zero...
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022...
CVE-2022-36449

creationtimestamp | type | source
---|---|---
2022-11-22 21:05:00+00:00 | seen | https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
2022-11-24 12:08:24+00:00 | published-proof-of-concept | https://t.me/truesecator/3742
2023-06-12 00:58:47+00:00 | published-proof-of-concept | ...

A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
Posted by Maddie Stone, Project Zero. Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date under settings you can check that your device ...
Exploit for CVE-2022-33679
CVE-2022-33679 One day based on https://googleproject...
Exploit for CVE-2022-33079
CVE-2022-33679 One day based on https://googleproject...
CVE-2022-33647

creationtimestamp | type | source
---|---|---
2022-10-26 07:00:06+00:00 | published-proof-of-concept | https://t.me/TopCyberTechNews/189
2022-10-27 19:48:00+00:00 | seen | https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
2022-10-31 19:01:56+00:00 | seen | ...

CVE-2022-42703

creationtimestamp | type | source
---|---|---
2022-10-10 02:23:31+00:00 | seen | https://t.me/cibsecurity/51054
2022-12-08 19:04:00+00:00 | seen | https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
2022-12-08 20:20:35+00:00 | seen | ...

CVE-2022-3038

creationtimestamp | type | source
---|---|---
2022-09-26 20:23:01+00:00 | seen | https://t.me/cibsecurity/50511
2023-03-30 18:17:31+00:00 | seen | https://t.me/truesecator/4237
2023-06-14 21:10:04+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2023-09-19 16:01:00+00:00 | seen | ...

Vulnerability fixed in Xpdf and Xpdfreader
A vulnerability has been fixed in Xpdf and Xpdfreader. A malicious party can exploit the vulnerability to cause a Denial-of-Service or to execute arbitrary code in the scope of the application. Google's Project Zero published a comprehensive analysis in December 2021 about a zero-clic...
CVE-2022-33917

creationtimestamp | type | source
---|---|---
2022-08-03 02:18:11+00:00 | seen | https://t.me/cibsecurity/47453
2022-11-22 21:05:00+00:00 | seen | https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
2022-11-23 11:03:00+00:00 | published-proof-of-concept | ...

CVE-2022-34169

creationtimestamp | type | source
---|---|---
2022-07-19 22:40:50+00:00 | seen | https://t.me/cibsecurity/46575
2022-08-15 09:47:35+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/2946
2022-11-02 11:41:00+00:00 | seen | ...

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and...
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free...
An Autopsy on a Zombie In-the-Wild 0-day
Posted by Maddie Stone, Google Project Zero. Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a...
Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, onl...
The More You Know, The More You Know You Don’t Know
A Year in Review of 0-days Used In-the-Wild in 2021. Posted by Maddie Stone, Google Project Zero. This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what w...
Stable Channel Update for Desktop
The Stable channel has been updated to 100.0.4896.75 for Windows, Mac and Linux which will roll out over the coming days/weeks. The Extended Stable channel has been updated to 100.0.4896.75 for Windows and Mac which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access...