chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google Threat Analysis Group on 2026-03-10...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 460017370 High CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-11-12 450328966 High CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep on 2025-10-09...

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585 , which has been described as a type confusion issue in the V8 JavaScript a...

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 CVSS score: 8.1, has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. "Type...

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed...

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities KEV catalog by the U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 CVSS score: 7.2,...

Russian APT29 Using NSO Group-Style Exploits in Attacks, Google

Google’s Threat Analysis Group TAG has exposed a new campaign by Russian state-backed APT29, also known as Cozy…...

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 1513170 High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19...

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 CVSS score: 7.8 - Memory corruption in DSP Services during a remote call fro...

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are describe...

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 CVE-2023-38831 is an RCE in WinRAR 6.23...

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU...

Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird

By Waqas The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group TAG. This is a post from HackRead.com Read the original post: Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird...

Exploit for Link Following in Microsoft

CVE-2023-36874 Windows Error Reporting LPE BOF Introductio...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 2 security fixes: 1450481 High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 8 security fixes: 1429197 High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30 1429201 High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on...