Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

August 22, 2024 at 02:00AM Google has released security fixes for a high-severity vulnerability (CVE-2024-7971) in its Chrome browser, actively exploited in the wild. It’s a type confusion bug in the V8 engine. The flaw was discovered by Microsoft Threat Intelligence Center and Microsoft Security Response Center. Users are urged to update to Chrome version … Read more

Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities

April 17, 2024 at 08:48AM Google and Mozilla released security updates addressing 35+ vulnerabilities in their browsers, including high-severity flaws. Chrome 124 patch includes 22 bugs, 13 reported externally, with $65,000 in bug bounty rewards for the flaws. Firefox 125 patch resolves 15 vulnerabilities, including 9 high-severity bugs. Mozilla also announced Firefox ESR 115.10 to … Read more

Meet clickjacking’s slicker cousin, ‘gesture jacking,’ aka ‘cross window forgery’

April 3, 2024 at 02:42AM Clickjacking, an attack technique repurposing web page elements, poses ongoing challenges for browsers and developers. The latest variation, “cross window forgery,” leverages user gestures to execute attacks, with potential for account takeovers. Browser makers continue efforts to reduce risks, while experts recommend defensive measures, such as randomizing ID tag values … Read more

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities

February 21, 2024 at 06:45AM Google and Mozilla released updates for Chrome and Firefox, addressing multiple vulnerabilities. Chrome 122 resolves 12 security defects, including high-severity memory safety bugs, with bug bounties paid to researchers. Firefox 123 also addresses 12 vulnerabilities, categorized as high, medium, and low-severity flaws. Both companies state that no vulnerabilities have been … Read more