#PatchTuesday continues with Google Chrome: 22 security fixes, 14 were externally reported (4 high severity, 6 medium, 4 low). Object corruption is a relatively new vulnerability observed in Chrome vulnerabilities. Inappropriate implementations are a majority of the vulnerability types. No mention of exploitation in the wild. 🔗 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html

#Google #Chrome #vulnerability

Stable Channel Update for Desktop

The Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac and 124.0.6367.60 to Linux which will roll out over the coming ...

Chrome Releases

Microsoft Security Response Center (MSRC) also dropped 14 security advisories because the "vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable." Click on this reply to see the original toot about Google Chrome's security advisory blog post. No mention of exploitation, no CVSSv3 scores provided.

  • CVE-2024-3832 Chromium: CVE-2024-3832 Object corruption in V8
  • CVE-2024-3833 Chromium: CVE-2024-3833 Object corruption in WebAssembly
  • CVE-2024-3914 Chromium: CVE-2024-3914 Use after free in V8
  • CVE-2024-3834 Chromium: CVE-2024-3834 Use after free in Downloads
  • CVE-2024-3837 Chromium: CVE-2024-3837 Use after free in QUIC
  • CVE-2024-3838 Chromium: CVE-2024-3838 Inappropriate implementation in Autofill
  • CVE-2024-3839 Chromium: CVE-2024-3839 Out of bounds read in Fonts
  • CVE-2024-3840 Chromium: CVE-2024-3840 Insufficient policy enforcement in Site Isolation
  • CVE-2024-3841 Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher
  • CVE-2024-3843 Chromium: CVE-2024-3843 Insufficient data validation in Downloads
  • CVE-2024-3844 Chromium: CVE-2024-3844 Inappropriate implementation in Extensions
  • CVE-2024-3845 Chromium: CVE-2024-3845 Inappropriate implementation in Network
  • CVE-2024-3846 Chromium: CVE-2024-3846 Inappropriate implementation in Prompts
  • CVE-2024-3847 Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI

#Microsoft #Chromium #Chrome #vulnerability

Security Update Guide - Microsoft Security Response Center

New Microsoft Security Response Center (MSRC) security advisory for Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability CVE-2024-29991 (5.0 medium). A lot of information is revealed: attack complexity=high, and MSRC says that it would need to be used in an exploit chain for an attack. An attacker must send the user a malicious file and convince them to open it. 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29991

#CVE_2024_29991 #MSRC #Microsoft #vulnerability #Chrome
