Google Fixes Second Chrome Zero Day

Google released an update today for its Chrome web browser that patches ten security bugs. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.183 across Windows, Mac, and Linux platforms. About the security bugs: The Chrome team has issued updates for several security fixes. Among these security bugs, 7 …

Microsoft Windows Kernel Zero-Day Vulnerability Alert

Security researchers from Google’s Project Zero disclosed a zero-day vulnerability yesterday (tracked as CVE-2020-17087) in the Windows operating system that is currently being exploited in the wild. According to Google’s Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov, the bug allows an attacker to escalate their privileges in Windows. Attackers are abusing the …

Google Chrome Actively Attacked In the Wild

On October 20, 2020, Google Chrome issued an update announcement for the browser across all platforms. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.111 across Windows, Mac, and Linux platforms. As per Google’s official sources, this urgent update will start rolling out over the coming few days or …

Zero-Day Vulnerabilities in Microsoft (CVE-2020-1464, CVE-2020-1380)

For August 2020 Patch Tuesday, Microsoft has rolled out 120 security updates across 13 different products including Windows, Edge (EdgeHTML-based and Chromium-based), Office, Internet Explorer (IE), ChakraCore and Developer Tools such as .NET Framework, ASP.NET, and Visual Studio. Out of these vulnerabilities, 17 are classified as Critical and 103 are classified as Important. The 17 …

Zero-days of Pandemic Year till August, 2020

With more than half of 2020 behind us, security researchers on Google’s Project Zero team compared the year’s vulnerability stats with the stats from 2019. Interestingly, by this month last year, the same number of zero-days had been detected in the wild as this year. Qualys has been up to date with all the …

Zoom Client for Windows Remote Code Execution Vulnerability

Earlier this week, a report was published on a remote code execution vulnerability in Zoom Client for Windows. The bug was reported to the 0patch team by a researcher who wants to keep their identity private. Vulnerability Details: A vulnerability has been discovered in Zoom Client that could allow for arbitrary code execution. It affects any …

Netgear Stack Overflow to Remote Code Execution Vulnerability

Summary: A sensitive yet extreme scope-changing vulnerability was recently disclosed as a zero-day in Netgear routers. Adam, who has deep-dived into Netgear routers and tested various models and firmware, came up with the idea for this vulnerability. Netgear, as an organization, is trying to work out a workaround for it; hence, no official advisory or …

Ripple20: Multiple Zero Day Vulnerabilities in Treck TCP/IP stack

Treck IP stack implementations for embedded systems are affected by multiple zero-day vulnerabilities. A total of 19 vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. have been discovered by the JSOF research lab, which calls them Ripple20. Treck TCP/IP Stack: The Treck IP network stack is designed for and used in a variety of embedded systems. The software is often licensed and integrated …

Zoom client for Windows UNC path injection vulnerability

Summary: A critical ‘UNC path injection’ vulnerability was observed in the Zoom client for Windows at a time when working from home and online education conferences are the new normal. It allows remote attackers to steal login credentials for victims’ Windows systems. Description: A critical zero-day vulnerability in the Zoom video conferencing app. This vulnerability was found in the Windows client of …

Microsoft Windows Adobe Type Manager Library Remote Code Execution zero-day Vulnerability (ADV200006)

Summary: Amidst the global pandemic, a zero-day has been reported in Microsoft Windows. On March 23, Microsoft acknowledged the existence of a critical security vulnerability in multiple versions of Windows and Windows Server, in the Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Description: …