
Chrome’s newest version contains 33 security fixes; Cisco patches two critical vulnerabilities

On the same day that Cisco issued 12 advisories addressing vulnerabilities in its product line – all but one resolved via updates – Google yesterday announced the stable release of Chrome 53, which contains 33 of its own security fixes.

Of the dozen flaws Cisco disclosed in its alert, two are critical: an SNMP (Simple Network Management Protocol) unauthorized access vulnerability in Cisco Small Business 22 Series Smart Plus Switches, and an arbitrary code execution vulnerability in its WebEx Meetings Player.

The former could allow a remote attacker to gain unauthorized access to SNMP objects on an affected device “due to the presence of a default SNMP community string that is added during device installation and cannot be deleted,” Cisco explained in its alert. The latter vulnerability stems from the improper handling of user-supplied files and could allow remote attackers to execute code upon tricking users into opening a malicious file on the WebEx software.

Cisco resolved all of the disclosed flaws with firmware or software updates, except for an authenticated directory traversal vulnerability in the web interface of Cisco Hosted Collaboration Mediation Fulfillment. This medium-level threat, if exploited, could allow a remote attacker to access arbitrary files on the system.

Meanwhile, Google's release of Chrome 53 for Windows, Mac and Linux, which will roll out over the coming weeks, includes fixes for 13 high-level security issues. Google is withholding details until most users have been updated. However, the bugs have been categorized as universal cross-site scripting in the Chromium browser engine Blink; script injections in extensions; use-after-free in Blink, PDFium and event bindings; heap overflow in PDFium; use-after-destruction in Blink; and address bar spoofing.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
