Sunday , October 6 2024

Google Warns of New Chrome Zero-Day Attack

infosecbulletin Sunday , April 16 2023 International

Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild.

The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine.

First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report

By infosecbulletin / Saturday , October 5 2024
National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational...
Read More
First Half Of 2024 Report Bangladeshi 32.4% government websites face cyber attack: NAS report

Prince Ransomware Hits UK and US

By infosecbulletin / Saturday , October 5 2024
A new ransomware campaign is targeting individuals and organizations in the UK and US. The "Prince Ransomware" attack uses a...
Read More
Prince Ransomware Hits UK and US

CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

By infosecbulletin / Friday , October 4 2024
CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM)....
Read More
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

A summary of “2024 State of Cybersecurity survey” by ISACA

By infosecbulletin / Friday , October 4 2024
ISACA 2024 survey report reveals that 66% of cybersecurity professionals find their jobs more stressful now than five years ago....
Read More
A summary of “2024 State of Cybersecurity survey” by ISACA

ISACA reveals
64% of Australian cybersecurity professionals feel increasing stress

By infosecbulletin / Friday , October 4 2024
A recent study by ISACA shows that almost two-thirds of cybersecurity professionals report increasing job stress. The 2024 State of...
Read More
ISACA reveals 64% of Australian cybersecurity professionals feel increasing stress

Researchers detected 31 new Malware in September

By infosecbulletin / Friday , October 4 2024
In September, cybersecurity experts discovered 31 new ransomware variants that threaten individuals and businesses. These programs encrypt valuable data, making...
Read More
Researchers detected 31 new Malware in September

CRI Release New Ransomware Response Guidance

By infosecbulletin / Thursday , October 3 2024
New guidance on ransomware, released during this week's International Counter Ransomware Initiative (CRI) meeting, encourages victims to report attacks to...
Read More
CRI Release New Ransomware Response Guidance

ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws

By infosecbulletin / Thursday , October 3 2024
Over 14 new security flaws have been found in DrayTek routers for homes and businesses, which could allow attackers to...
Read More
ALERT Over 700,000 Routers Vulnerable to Hack for 14 security flaws

Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching

By infosecbulletin / Wednesday , October 2 2024
Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted...
Read More
Patch it now! Critical Zimbra RCE flaw exploited: Needs Immediate Patching

CISA Warns
Network switch RCE flaw impacts critical infrastructure

By infosecbulletin / Wednesday , October 2 2024
CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code...
Read More
CISA Warns Network switch RCE flaw impacts critical infrastructure

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a barebones advisory that credits Clément Lecigne of Google’s Threat Analysis Group for reporting the issue.

The company did not provide any additional details of the bug, the in-the-wild exploitation, indicators of compromise (IOCs) or any guidance on the profile of targeted machines.

Google said access to bug details and links may be kept restricted until a majority of users are updated with a fix. The company said it may also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

The patch is being pushed to Chrome 112.0.5615.121 for Windows Mac and Linux and will roll out via the software’s automatic patching mechanism over the coming days/weeks.

The Chrome zero-day patch comes days after Microsoft acknowledged a zero-day in its flagship Windows operating system was being hit by ransomware actors.

Like Google and Microsoft, Apple has also struggled with zero-day exploits and shipped a major patch a week ago to fix a pair of code execution flaws in its iOS, macOS iPadOS platforms.

So far this year, there have been 20 documented in-the-wild zero-day compromises, according to data tracked by SecurityWeek.  Security defects in code from Microsoft, Apple and Google account for 12 of the 20 zero-days in 2023.

Check Also

photo

Meta fined $101 million for storing passwords in plaintext

Meta was fined over $100 million by the EU privacy regulator on Friday due to …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin