Reported by Mark Brand of Google Project Zero on High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Quang Nguyễn of Viettel Cyber Security and Nguyen Phuong on High CVE-2023-2933: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on High CVE-2023-2932: Use after free in PDF. High CVE-2023-2931: Use after free in PDF. High CVE-2023-2930: Use after free in Extensions. High CVE-2023-2929: Out of bounds write in Swiftshader. Please see the Chrome Security Page for more information. Below, we highlight fixes that were contributed by external researchers. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed," it added.Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. Google said it was aware that an exploit for the bug exists in the wild, but may restrict access to bug details and links until a majority of users are updated with a fix. The vulnerability was reported on July 19 by Ms Ashley Shen and Mr Christian Resell of the Google Threat Analyst Group. The vulnerability is a high-severity security issue linked to "Intents” - a feature that enables launching applications and web services directly from a web page, Bleeping Computer reported. They are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly. SingCERT has advised Google Chrome users on Windows, Mac and Linux computers to install the latest security updates immediately. The security fix for this bug is included in an update currently being rolled out, and users who have automatic updates turned on are expected to receive it in the coming days or weeks, according to technology website Bleeping Computer. The high-severity vulnerability is "being exploited in the wild", or active and can be found in devices belonging to ordinary users. Google did not provide further information, but released Chrome 1.101 for Mac and Linux, and Chrome 1.102/101 for Windows to address multiple vulnerabilities. SINGAPORE - Google Chrome users should install the latest security updates immediately, following reports that hackers are exploiting a "high-severity vulnerability" flaw, the Singapore Computer Emergency Response Team (SingCERT) said on Friday (Aug 19).
0 kommentar(er)
