Google Chrome zero-day addressed

ZDNET reports that Google has rolled out a Chrome update to address an actively exploited zero-day vulnerability. Threat actors have been leveraging the high-severity flaw, tracked as CVE-2022-4135, which stems from a "heap buffer overflow in GPU," according to Google. The fix has been issued in Chrome 107.0.5304.121 for Mac and Linux, and 107.0.5304.121/.122 for Windows. While Google has chosen not to reveal details of the vulnerability until most users have applied the update, NIST's National Vulnerability Database noted that the flaw could be leveraged by remote attackers in the graphics rendering process to facilitate an escape from the Chrome sandbox. "Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page," said NIST. Users have been urged to update Chrome immediately, even though the flaw may have been in use in targeted attacks.
