Google Chrome Exploit In the Wild (CVE-2021-21193)

Overview: On March 12, 2021, Google released an update for the Chrome browser. According to Google, the Stable channel has been updated to version 89.0.4389.90 for Windows, Mac, and Linux. It will be rolled out over the next few days or weeks. Description: The Google Chrome team has fixed 5 high severity security bugs, out …

Google Chrome Multiple Vulnerabilities (CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157)

Recently, on 16th Feb, 2021, Google released a stable update to address a number of CVEs: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156 and CVE-2021-21157. Multiple vulnerabilities were discovered in Google Chrome that allowed an attacker to create a security problem, the nature of which has not yet been specified by the publisher. No POC or …

Zero Days In-the-Wild Series (CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, CVE-2020-1027)

On January 12, 2021, Google Project Zero published a six-part report on a hacking operation targeting Windows and Android devices. The exploit servers in the operation contained 4 Google Chrome vulnerabilities, 2 sandbox escape exploits and publicly known privilege escalation n-day exploits. Of these, 4 were still zero-days at the time of discovery. Following …

Google Chrome V8 Type Confusion Vulnerability (CVE-2020-6418)

Summary: In the last week of February 2020, a type confusion vulnerability in V8, Google Chrome’s open-source JavaScript and WebAssembly engine. Description: Details about these attacks are not yet public, and we don’t know how this bug (which has been restricted) is being used against Chrome users. V8 is the Chrome component responsible for processing JavaScript …

WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass

Introduction: Cisco WebEx has millions of users who use it regularly for online meetings, web conferencing and videoconferencing. Recently, a remote code execution vulnerability, CVE-2017-6753, was discovered by the Google Project Zero team. Similar to CVE-2017-3823, the vulnerability is described as “a design defect in the extension”. The vulnerability allows an attacker to …