112 matches found
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)
Chrome is a simple and efficient web browsing tool developed by Google. portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...
Google Chrome UI security bypass vulnerability
Chrome is a simple and efficient web browsing tool developed by Google, which is characterized by simplicity and speed. Google Chrome suffers from a security vulnerability. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome memory out-of-bounds access vulnerability
Chrome is a simple and efficient web browsing tool developed by Google. ANGLE in versions prior to Google Chrome 93.0.4577.82 suffers from a memory out-of-bounds access vulnerability. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92832)
Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in Permissions in versions of Google Chrome prior to 93.0.4577.82. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Competition Condition Vulnerability (CNVD-2021-68452)
Chrome is a web browsing tool developed by Google. a competing condition vulnerability exists in WebAudio in versions prior to Google Chrome 92.0.4515.159. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62188)
Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in the File System API in versions prior to Google Chrome 92.0.4515.131. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service condition on the system...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62185)
Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in the Page Info UI in versions prior to Google Chrome 92.0.4515.131. A remote attacker could use this vulnerability to execute arbitrary code or cause a denial of service condition on the system...
Google Chrome out-of-bounds read vulnerability (CNVD-2021-62186)
Chrome is a web browsing tool developed by Google. An out-of-bounds read vulnerability exists in the Tab Strip in versions of Google Chrome prior to 92.0.4515.131. A remote attacker could exploit this vulnerability to obtain sensitive information...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62183)
Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in the "Browser UI" in versions of Google Chrome prior to 92.0.4515.131. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service condition on the system...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-62166)
Chrome is a web browsing tool developed by Google, and a heap buffer overflow vulnerability exists in WebGL in versions prior to Google Chrome 92.0.4515.107. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash...
What is DNS Hijacking❓ Basic methods of protection
DNS hijacking is a common cyberattack technique known as domain name server reconfiguration. The attacker’s goal is to redirect the user to a bogus website created by them. Domain Name Server Hijacking. Also referred to as DNS redirection, the process is utilized by hackers to alter the resolutio...
Google Chrome post-release reuse vulnerability (CNVD-2021-43401)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability exists in "Web Services" in Google Chrome versions prior to 91.0.4472.101. No details of the vulnerability are available at this...
PSC - E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward
DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions, single- or multip-hop, being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64 encoded data without modding/filtering. Along with the e2e pty...
Identifying People by Their Browsing Histories
Interesting paper: "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to...
Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed "Cookiethief" by Kaspersky researchers, the Trojan works by...
JVN#97325754: F-RevoCRM vulnerable to cross-site scripting
F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying the...
Tips for Successful Zero-Trust Implementation
The zero-trust concept is often and pithily summarized as “trust no one, verify everything.” No enterprise can stave off the myriad of cyberthreats as long as they assume that any individual element can be trusted as secure. No traffic, whether internal or external, can automatically be deemed...
What is BAT and why you should install Brave Browser?
BAT is an Ethereum token that powers Brave Software's blockchain-based digital advertising platform. Internet users who browse the web using Brave's free web browser available at can choose to replace the ads they see with ads on Brave's ad network. Users then receive BAT from advertisers as...
Microsoft Windows GDI Component CVE-2019-1011 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems...
Microsoft Edge Chakra Scripting Engine CVE-2019-1003 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...