InfoSecBulletin Cybersecurity for mankind
Google has released Chrome 130, fixing 17 security vulnerabilities. The update (version 130.0.6723.58/.59 for Windows and Mac, and 130.0.6723.58 for Linux) will be gradually rolled out to users in the coming days and weeks.
The most severe vulnerability is CVE-2024-9954, a high-severity use-after-free flaw in Chrome’s AI component. Reported by researcher DarkNavy, it received a $36,000 bounty.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
CVE-2024-9954: High severity – Use after free in AI
CVE-2024-9955: Medium severity – Use after free in Web Authentication
CVE-2024-9956: Medium severity – Inappropriate implementation in Web Authentication
CVE-2024-9957: Medium severity – Use after free in UI
CVE-2024-9958: Medium severity – Inappropriate implementation in PictureInPicture
CVE-2024-9959: Medium severity – Use after free in DevTools
CVE-2024-9960: Medium severity – Use after free in Dawn
CVE-2024-9961: Medium severity – Use after free in Parcel Tracking
CVE-2024-9962: Medium severity – Inappropriate implementation in Permissions
CVE-2024-9963: Medium severity – Insufficient data validation in Downloads
CVE-2024-9964: Low severity – Inappropriate implementation in Payments
CVE-2024-9965: Low severity – Insufficient data validation in DevTools
CVE-2024-9966: Low severity – Inappropriate implementation in Navigations
The update fixes several medium-severity vulnerabilities in areas like Web Authentication, UI, PictureInPicture, DevTools, Dawn, and Parcel Tracking. The issues include use-after-free bugs, poor implementations, and inadequate data validation.
Google restricts access to detailed bug information until most users update their browsers. This is to protect users from possible exploitation during the update process.
Chrome users should update their browsers immediately to protect against security flaws. To do this, go to settings, click “About Chrome,” and allow it to check for updates.
This release highlights Google’s dedication to browser security and the crucial role of its bug bounty program in finding and fixing vulnerabilities.
Cyber Resilience: Elevating Bangladesh’s Corporate Culture Safeguard
