Wednesday , October 16 2024
Chrome

Chrome 130 Launches with Patches for 17 Security Vulnerabilities

infosecbulletin 6 hours ago Vulnerabilities

Google has released Chrome 130, fixing 17 security vulnerabilities. The update (version 130.0.6723.58/.59 for Windows and Mac, and 130.0.6723.58 for Linux) will be gradually rolled out to users in the coming days and weeks.

The most severe vulnerability is CVE-2024-9954, a high-severity use-after-free flaw in Chrome’s AI component. Reported by researcher DarkNavy, it received a $36,000 bounty.

Chrome 130 Launches with Patches for 17 Security Vulnerabilities

By infosecbulletin / Wednesday , October 16 2024
Google has released Chrome 130, fixing 17 security vulnerabilities. The update (version 130.0.6723.58/.59 for Windows and Mac, and 130.0.6723.58 for...
Read More
Chrome 130 Launches with Patches for 17 Security Vulnerabilities

Researchers Break RSA Encryption with Quantum Computing

By infosecbulletin / Wednesday , October 16 2024
Chinese researchers, led by Wang Chao from Shanghai University, have cracked RSA encryption using quantum computers. This achievement raises serious...
Read More
Researchers Break RSA Encryption with Quantum Computing

Shadowserver's data
87000+ Fortinet devices still open to attack?

By infosecbulletin / Tuesday , October 15 2024
On Sunday, the Shadowserver Foundation revealed that over 87,000 internet-facing Fortinet devices may still be at risk due to (CVE-2024-23113)...
Read More
Shadowserver's data 87000+ Fortinet devices still open to attack?

Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack

By infosecbulletin / Monday , October 14 2024
A new sophisticated scam is targeting Gmail users, using artificial intelligence to manipulate them into giving away account access. This...
Read More
Gmail Scam Alert Billions of Gmail users at risk from sophisticated new AI hack

RansomHub Targets Bangladeshi Confidence Group

By infosecbulletin / Monday , October 14 2024
RansomHub targets Bangladeshi Confidence group of companies limited. The rapidly growing RansomHub ransomware group set time to release the data....
Read More
RansomHub Targets Bangladeshi Confidence Group

Hackers using ChatGPT create malware, OpenAI confirm

By infosecbulletin / Sunday , October 13 2024
OpenAI has neutralized over 20 malicious cyber operations using its AI chatbot, ChatGPT, for creating malware, spreading misinformation, avoiding detection,...
Read More
Hackers using ChatGPT create malware, OpenAI confirm

TrackMan exposes nearly 32 Million Records

By infosecbulletin / Saturday , October 12 2024
Nearly 32 million records and about 110 TB of data from Trackman users were left exposed online. This database included...
Read More
TrackMan exposes nearly 32 Million Records

CISA WARNS
CISA Warns of F5 BIG-IP Cookie Exploitation for Network Reconnaissance

By infosecbulletin / Friday , October 11 2024
CISA has issued a warning about a vulnerability in unencrypted persistent cookies in the F5 BIG-IP Local Traffic Manager (LTM)...
Read More
CISA WARNS CISA Warns of F5 BIG-IP Cookie Exploitation for Network Reconnaissance

CVE-2024-9164: GitLab Users Urged to Update Now

By infosecbulletin / Friday , October 11 2024
GitLab, a premier platform for DevOps and continuous integration/continuous delivery has rolled out essential security updates in versions 17.4.2, 17.3.5...
Read More
CVE-2024-9164: GitLab Users Urged to Update Now

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

By infosecbulletin / Thursday , October 10 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its...
Read More
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

CVE-2024-9954: High severity – Use after free in AI
CVE-2024-9955: Medium severity – Use after free in Web Authentication
CVE-2024-9956: Medium severity – Inappropriate implementation in Web Authentication
CVE-2024-9957: Medium severity – Use after free in UI
CVE-2024-9958: Medium severity – Inappropriate implementation in PictureInPicture
CVE-2024-9959: Medium severity – Use after free in DevTools
CVE-2024-9960: Medium severity – Use after free in Dawn
CVE-2024-9961: Medium severity – Use after free in Parcel Tracking
CVE-2024-9962: Medium severity – Inappropriate implementation in Permissions
CVE-2024-9963: Medium severity – Insufficient data validation in Downloads
CVE-2024-9964: Low severity – Inappropriate implementation in Payments
CVE-2024-9965: Low severity – Insufficient data validation in DevTools
CVE-2024-9966: Low severity – Inappropriate implementation in Navigations

The update fixes several medium-severity vulnerabilities in areas like Web Authentication, UI, PictureInPicture, DevTools, Dawn, and Parcel Tracking. The issues include use-after-free bugs, poor implementations, and inadequate data validation.

Google restricts access to detailed bug information until most users update their browsers. This is to protect users from possible exploitation during the update process.

Chrome users should update their browsers immediately to protect against security flaws. To do this, go to settings, click “About Chrome,” and allow it to check for updates.

This release highlights Google’s dedication to browser security and the crucial role of its bug bounty program in finding and fixing vulnerabilities.

Cyber Resilience: Elevating Bangladesh’s Corporate Culture Safeguard

Check Also

paloalto

Palo Alto Networks issues fix for security flaws, Including CVE-2024-9463

Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin