
228 matches found

CNVD
added 2021/12/01 12:0 a.m. | 13 views

NodeBB licensing issue vulnerability

NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An authorization issue vulnerability exists in NodeBB, which stems from a faulty token authentication logic in the product, and could be exploited...

9.8 CVSS | 2 AI score | 0.00475 EPSS
Exploits: 1 | References: 1

CNVD
added 2021/12/01 12:0 a.m. | 20 views

NodeBB path traversal vulnerability

NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. NodeBB is vulnerable to a path traversal vulnerability that could be exploited to access locations outside of restricted directories...

5 CVSS | 1.6 AI score | 0.0252 EPSS
Exploits: 1 | References: 1

The Hacker News
added 2021/10/29 4:8 a.m. | 124 views

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input i...

9.6 CVSS | 1.7 AI score | 0.91237 EPSS
Exploits: 16

CNNVD
added 2021/10/19 12:0 a.m. | 1 views

Google Chrome resource management error vulnerability

Chrome is a web browsing tool developed by Google. A use-after-free vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit the vulnerability to exploit heap corruption via a crafted HTML page...

8.8 CVSS | 5.6 AI score | 0.01094 EPSS
Exploits: 0 | References: 13

The Hacker News
added 2021/10/01 3:30 a.m. | 115 views

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designated as CVE-2021-37975 and...

9.6 CVSS | 0.2 AI score | 0.91237 EPSS
Exploits: 13

ThreatPost
added 2021/09/30 10:38 p.m. | 72 views

Google Emergency Update Fixes Two Chrome Zero Days

Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild. This hoists this year’s total number of zero days found in the browser up to a dozen. “Google is aware the exploits for CVE-2021-37975 and...

9.6 CVSS | 9.3 AI score | 0.83785 EPSS
Exploits: 4 | References: 7

Malwarebytes
added 2021/08/06 2:36 p.m. | 200 views

Edge’s Super Duper Secure Mode benchmarked: How much speed would you trade for security?

In an attempt to make Edge more secure, the Microsoft Vulnerability Research team has started to experiment with disabling Just-In-Time (JIT) compilation in the browser's V8 JavaScript engine, to create what it's calling Super Duper Secure Mode. The reasoning behind this experiment sounds valid. A...

7.8 AI score
Exploits: 0

Debian
added 2021/05/18 2:48 a.m. | 34 views

[SECURITY] [DSA 4917-1] chromium security update

Debian Security Advisory DSA-4917-1 | https://www.debian.org/security/ | Michael Gilbert | May 17, 2021 | https://www.debian.org/security/faq ...

6.8 CVSS | 0.2 AI score | 0.09601 EPSS
Exploits: 14

Tenable Nessus
added 2021/05/18 12:0 a.m. | 67 views

Debian DSA-4917-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2021-30506: @retsew0x01 discovered an error in the Web App installation interface.
- CVE-2021-30507: Alison Huffman discovered an error in the Offline mode.
- CVE-2021-30508: Leecraso and Guang Gong discovered a buffer...

8.8 CVSS | 8.4 AI score | 0.09601 EPSS
Exploits: 14 | References: 33

The Hacker News
added 2021/04/14 5:48 a.m. | 126 views

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws...

8.8 CVSS | 0.7 AI score | 0.91237 EPSS
Exploits: 7

Hacker One
added 2021/03/30 2:26 p.m. | 29 views

Node.js: Unexpected input validation of octal literals in nodejs v15.12.0 and below returns defined values for all undefined octal literals.

Summary: Unexpected input validation of octal literals in the nodejs implementation of V8 JavaScript engine V8 9.0.257.13 and below returns defined values for all undefined octal literals where otherwise should return undefined. Input data 08, 09... 078, 079 should return undefined, as evinced by...

7.5 CVSS | 7 AI score | 0.85896 EPSS
Exploits: 1

The Hacker News
added 2021/03/03 6:3 a.m. | 184 views

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac,...

8.8 CVSS | 0.7 AI score | 0.37976 EPSS
Exploits: 0

OpenVAS
added 2021/02/21 12:0 a.m. | 19 views

Debian: Security Advisory (DSA-4858-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6 CVSS | 9.8 AI score | 0.22313 EPSS
Exploits: 8 | References: 6

Debian
added 2021/02/07 7:7 p.m. | 46 views

[SECURITY] [DSA 4846-1] chromium security update

Debian Security Advisory DSA-4846-1 | https://www.debian.org/security/ | Michael Gilbert | February 07, 2021 | https://www.debian.org/security/faq ...

6.9 CVSS | 0.7 AI score | 0.25876 EPSS
Exploits: 4

Debian
added 2021/02/07 7:7 p.m. | 70 views

[SECURITY] [DSA 4846-1] chromium security update

Debian Security Advisory DSA-4846-1 | https://www.debian.org/security/ | Michael Gilbert | February 07, 2021 | https://www.debian.org/security/faq ...

9.6 CVSS | 9.1 AI score | 0.25876 EPSS
Exploits: 4

ThreatPost
added 2021/02/05 3:47 p.m. | 222 views

Google Chrome Zero-Day Afflicts Windows, Mac Users

Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers. A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming...

6.8 CVSS | 9.9 AI score | 0.22313 EPSS
Exploits: 0 | References: 16

ThreatPost
added 2020/12/15 9:4 p.m. | 73 views

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...

8.9 AI score | 0.00874 EPSS
Exploits: 1 | References: 20

Talos
added 2020/12/09 12:0 a.m. | 114 views

Foxit Reader JavaScript media openPlayer type confusion vulnerability

Summary A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the...

8.8 CVSS | 9 AI score | 0.01021 EPSS
Exploits: 1

Talos
added 2020/12/09 12:0 a.m. | 89 views

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8 CVSS | 9.2 AI score | 0.14029 EPSS
Exploits: 1

OpenVAS
added 2020/11/12 12:0 a.m. | 23 views

Google Chrome Security Update (stable-channel-update-for-desktop_11-2020-11) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

9.6 CVSS | 9.1 AI score | 0.26139 EPSS
Exploits: 0 | References: 3