Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)

Google has released security updates for its Windows and Android users to address a high-severity, zero-day vulnerability in its Chrome browser. The vulnerability was discovered by Jan Vojtesek from the Avast Threat Intelligence team on 1st July. Tracked as CVE-2022-2294, it is a heap-based buffer overflow in the WebRTC (Web Real-Time Communications) component. This …

Aruba AirWave Web-Based Management Interface Stored Cross Site Scripting (XSS) Vulnerability (CVE-2021-37715)

Earlier this year, Qualys discovered a heap-based buffer overflow in Sudo, named ‘Baron Samedit’ (CVE-2021-3156). Baron Samedit: A vulnerability in the command line parameter parsing code of Sudo could allow an attacker with access to Sudo to execute commands or binaries with root privileges. Baron Samedit is exploitable by any local user (normal users and …

Google Chrome Heap Buffer Overflow Vulnerability (CVE-2021-21148)

Overview: On 4th February 2021, Google released an update to fix a critical heap buffer overflow vulnerability (CVE-2021-21148) in the Chrome browser. It has been fixed in Chrome version 88.0.4324.150 for Windows, Mac, and Linux OS. The vulnerability was found in Google’s open-source JavaScript and WebAssembly engine called V8. Successful exploitation of this vulnerability could …