Google Chrome Zero-day Heap Overflow Vulnerability (CVE-2023-4863)

Google has released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Tracked as CVE-2023-4863, the CVE has been rated critical by Google. Google is aware of the active exploitation of the vulnerability. CVE-2023-4863 is a Heap Buffer Overflow vulnerability in WebP image format. The vulnerability may allow an attacker … Continue reading “Google Chrome Zero-day Heap Overflow Vulnerability (CVE-2023-4863)”

Apache HTTP2 Header Memory Corruption Vulnerability (CVE-2020-9490, CVE-2020-11984, CVE-2020-11993)

Summary Apache, officially known as Apache HTTP Server, is an open-source and free web server software that powers most of the websites around the world. Recently, one Critical and two High severity flaws were fixed in Apache httpd 2.4.44. These flaws were tracked as CVE-2020-9490, CVE-2020-11984, and CVE-2020-11993 – out of which,  CVE-2020-9490 is the … Continue reading “Apache HTTP2 Header Memory Corruption Vulnerability (CVE-2020-9490, CVE-2020-11984, CVE-2020-11993)”

AES-GCM bug in the firmware of Google’s Titan M chip (CVE-2019-9465)

Summary: An android bug was observed in Google’s Android smartphones, using the Titan M chip through the Android Keystore API for AES-GCM in a specific way lead to predictable and bogus ciphertext. Description: Android Keystore, StrongBox and the Titan M chip are the key components that leads to this bug’s discovery. The Android Keystore is … Continue reading “AES-GCM bug in the firmware of Google’s Titan M chip (CVE-2019-9465)”

Google Chrome V8 Type confusion Vulnerability (CVE-2020-6418)

Summary: In last week of February,2020, a type confusion vulnerability in V8, Google Chrome’s open-source JavaScript and WebAssembly engine.  Description: Details about these attacks are not yet public, and we don’t know how this bug  (that has been restricted) is being used against Chrome users. V8 is Chrome’s component that is responsible for processing JavaScript … Continue reading “Google Chrome V8 Type confusion Vulnerability (CVE-2020-6418)”

Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]

A flaw in Out-of-Order execution mechanism allows user level programs to leak addresses of kernel and process memory space. This vulnerability can be exploited to bypass KASLR as well as CPU security features like SMAP,SMEP,NX and PXN. It can be exploited to bypass OS process isolation. The issue affects processors from Intel, AMD ,ARM, Samsung and … Continue reading “Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]”

BlueBorne: Bluetooth Attack Vector

A new attack vector called ‘BlueBorne‘ has been discovered. The name is a play on the word ‘airborne’ as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Lab. The vulnerabilities exploited by this attack affects Android, Linux, Windows, and iOS version less than 10. Targets can be compromised regardless of the … Continue reading “BlueBorne: Bluetooth Attack Vector”