Google fixes third actively exploited #Chrome zero-day in a week

Geez, #Google has pushed a #security fix for yet another zero-day exploited in the wild. Separate from the other two (tracked as CVE-2024-4947), it’s a type confusion weakness in the V8 JavaScript engine.

It affects all #Chromium based browsers. Forks (Vivaldi, Brave, Edge) should be rolling out updates. Again… so, as usual, update ASAP.

#browsers #infosec #cybersecurity

https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/

Un altro 0day critico su Google Chrome. Scoperto da Kaspersky Lab

Google ha rilasciato aggiornamenti per correggere nove vulnerabilità nel browser Chrome inclusa una nuova vulnerabilità zero-day sfruttata attivamente dagli aggressori. La vulnerabilità è identificata come CVE-2024-4947 ed è associata a un errore di Type Confusion nel motore JavaScript V8 e WebAssembly. L’errore è stato scoperto dai ricercatori di Kaspersky Lab – Vasily Berdnikov e Boris Larin il 13 maggio 2024. Le vulnerabilità di Type Confusion […]

L'articolo Un altro 0day critico su Google Chrome. Scoperto da Kaspersky Lab proviene da il blog della sicurezza informatica.

https://www.redhotcyber.com/post/un-altro-0day-critico-su-google-chrome-scoperto-da-kaspersky-lab/
https://www.redhotcyber.com/feed

https://poliverso.org/display/0477a01e-ebf17c1a-3fd94b146f3d60d7

Patch Tuesday, followed by Exploit Wednesday.

#CVE_2024_4947

Google Chrome Zero-day Vulnerability (CVE-2024-4947)

Date: May 16, 2024

CVE: CVE-2024-4947

Vulnerability Type: Type Confusion

CWE: [[CWE-843]]

Sources: Cybersecurity News Chrome release Blog

Issue Summary

Google has released an emergency update for Chrome to address a high-severity zero-day vulnerability, CVE-2024-4947. Discovered by Kaspersky researchers, this flaw is being actively exploited in the wild and affects the V8 JavaScript engine. The vulnerability allows attackers to perform remote code execution by exploiting a type confusion bug.

Technical Key Findings

CVE-2024-4947 is a type confusion bug in the V8 JavaScript engine, leading to heap corruption. Attackers can craft malicious HTML pages to exploit this flaw, enabling arbitrary code execution on the victim’s system.

Vulnerable Products

• Google Chrome versions before 125.0.6422.60 on Linux
• Google Chrome versions before 125.0.6422.60/.61 on Windows and Mac

Impact Assessment

If exploited, this vulnerability can lead to remote code execution, allowing attackers to gain control of the affected system. This poses significant security risks, including potential data breaches and system compromise.

Patches or Workaround

Google has released patches for this vulnerability. Users are advised to update to Chrome version 125.0.6422.60 or later on Linux and 125.0.6422.60/.61 or later on Windows and Mac.

Tags

#CVE-2024-4947 #GoogleChrome #ZeroDay #TypeConfusion #RemoteCodeExecution #CyberSecurity #BrowserSecurity #Patches

Microsoft: Release notes for Microsoft Edge Security Updates
Microsoft doesn't mention the CVE by name, but they're talking about CVE-2024-4947:

May 15, 2024 Microsoft is aware of the recent exploits existing in the wild. We are actively working on releasing a security fix.

cc: @ligniform

#zeroday #eitw #activeexploitation #chrome #chromium #microsoft #CVE_2024_4947

@ligniform I agree in part, disagree in part. The exploited vulnerabilities in V8 JavaScript engine have only been documented in Chromium based browsers like Edge, Opera, Vivaldi, Brave, etc.

LibwebP was a rare case last year that Google incorrectly limited the vulnerability's scope to only identify Google Chrome when in reality it impacted plenty of downstream libraries and apps.

Expect to see a Microsoft Security Response Center (MSRC) security advisory probably tomorrow for CVE-2024-4947.

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html

Google is aware that an exploit for CVE-2024-4947 exists in the wild.

What is this, 3 Chrome 0-days in like 2 weeks?

CVE-2024-4947 – Une troisième faille zero-day corrigée dans Google Chrome en une semaine ! https://www.it-connect.fr/cve-2024-4947-faille-zero-day-dans-google-chrome/ #ActuCybersécurité #Vulnérabilités #Cybersécurité #Chrome #Google

One more reason to not use Chrome!

Google fixes third actively exploited Chrome zero-day in a week

Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

"Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday.

The high-severity zero-day vulnerability (CVE-2024-4947) is caused by a type confusion weakness in the Chrome V8 JavaScript engine reported by Kaspersky's Vasily Berdnikov and Boris Larin.

Although such flaws generally enable threat actors to trigger browser crashes by reading or writing memory out of buffer bounds, they can also exploit them for arbitrary code execution on targeted devices.

The other two actively exploited Chrome zero-days patched this week are CVE-2024-4671 (a use-after-free flaw in the Visuals component) and CVE-2024-4761 (an out-of-bounds write bug in the V8 JavaScript engine)

#News #Security #CyberSecurity #Tech #Google #Chrome #ZeroDay

https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/

Time to upgrade git y'all https://www.helpnetsecurity.com/2024/05/16/git-cve-2024-32002/

We managed to find this 0-day twice! First as a description of a vulnerability, then as a real exploit used by attackers. https://securelist.com/cve-2024-30051/112618/

Palo Alto Networks security advisory: CVE-2024-3661 Impact of TunnelVision Vulnerability
Palo Alto Networks evaluated the TunnelVision vulnerability and determined that GlobalProtect app on Linux is affected (Palo Alto Networks plans to release a patch in an upcoming major release). For All versions of GlobalProtect app on Windows and macOS without Endpoint Traffic Policy Enforcement set to All Traffic are affected (Endpoint Traffic Policy Enforcement is disabled by default). All versions of GlobalProtect app on iOS without IncludeAllNetworks set to 1 are affected.

Interestingly, Palo Alto Networks uses CVSSv4.0 for CVE-2024-3661 and rates it 2.1 low severity.

#PaloAltoNetworks #CVE_2024_3661 #TunnelVision

Uptycs: New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware
Unknown financially-motivated threat actors have been exploiting Log4Shell CVE-2021-44228 (10.0 critical, disclosed 10 December 2021 by Apache as an exploited zero-day in Log4j 2) to deploy XMRig cryptominers since January 2024. Affected countries include China (top), followed by Hong Kong, Netherlands, Japan, United States, Germany, South Africa, and Sweden. Four distinct sets of servers establish communication with compromised IP and send shell scripts for XMRig deployment, or disseminating Mirai or Gafgyt malware. IOC provided.

#threatintel #CVE_2021_44228 #Log4Shell #Log4j #IOC #XMrig #mirai #gafgyt

Resumen de las últimas 24 horas en seguridad informática: Detectada explotación del CVE-2024-3400 en GlobalProtect de Palo Alto Networks y campaña de malvertising con ransomware. Además, Chrome 125 llega con mejoras, ataque de phishing a cuentas comerciales de Meta y FBI interviene BreachForums. Binario Go malicioso en PyPI alerta sobre amenazas. Descubre estos eventos y más en el listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 16/05/24 📆 |====

🔒 DETECTANDO LA COMPROMISIÓN DEL CVE-2024-3400 EN DISPOSITIVOS GLOBALPROTECT DE PALO ALTO NETWORKS

Volexity alerta sobre la explotación de día cero del CVE-2024-3400 en la función GlobalProtect de Palo Alto Networks PAN-OS. ¿Tu seguridad está en riesgo? Descúbrelo aquí ➡️ https://djar.co/5ENtS

🔒 NUEVA CAMPAÑA DE MALVERTISING CONDUCE A RANSOMWARE A TRAVÉS DE INSTALADORES TROJANIZADOS DE WINSCP Y PUTTY

¡Cuidado! Una peligrosa campaña de malvertising busca infectar a usuarios que descargan WinSCP y PuTTY. Protege tus datos ahora ➡️ https://djar.co/72HM

🔒 CANAL ESTABLE ACTUALIZADO PARA ESCRITORIO

¡Gran noticia! Chrome 125 llega al canal estable para Windows, Mac y Linux. Descubre las últimas novedades y mejoras aquí ➡️ https://djar.co/CGMQ5g

🔒 ATAQUE A LA CIBERSEGURIDAD QUE APUNTA A CUENTAS COMERCIALES DE META

Evita ser víctima de un sofisticado ataque de phishing dirigido a cuentas comerciales de Meta. ¡Protege tu información empresarial hoy mismo! ➡️ https://djar.co/B9C4q

🔒 FBI CONFISCA FORO DE HACKING BREACHFORUMS UTILIZADO PARA FILTRAR DATOS ROBADOS

El FBI toma acciones contra BreachForums, el foro utilizado para el comercio de datos corporativos robados. ¿Conoces la historia detrás de esta operación? Descúbrela aquí ➡️ https://djar.co/Bs2n

🔒 BINARIO GO MALICIOSO ENTREGADO A TRAVÉS DE ESTEGANOGRAFÍA EN PYPI

Phylum identifica un binario Go malicioso en PyPI oculto en una publicación sospechosa. ¡Mantente informado sobre las últimas amenazas informáticas! ➡️ https://djar.co/J9woRI

Hot off the press! CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

• CVE-2024-4761 (pending score) Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
• CVE-2021-40655 (7.5 high) D-Link DIR-605 Router Information Disclosure Vulnerability
• CVE-2014-100005 (CVSS*v2* 6.8 medium) D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability

Link is future-proofed so it should work when it becomes available

cc: @hrbrmstr @campuscodi

#eitw #zeroday #vulnerability #cve #activeexploitation #kev #knownexploitedvulnerabilitiescatalog #cisa #dlink #chrome #CVE_2024_4761 #CVE_2021_40655 #CVE_2014_100005

One more reason to not use Chrome!

Google fixes third actively exploited Chrome zero-day in a week

Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

"Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday.

The high-severity zero-day vulnerability (CVE-2024-4947) is caused by a type confusion weakness in the Chrome V8 JavaScript engine reported by Kaspersky's Vasily Berdnikov and Boris Larin.

Although such flaws generally enable threat actors to trigger browser crashes by reading or writing memory out of buffer bounds, they can also exploit them for arbitrary code execution on targeted devices.

The other two actively exploited Chrome zero-days patched this week are CVE-2024-4671 (a use-after-free flaw in the Visuals component) and CVE-2024-4761 (an out-of-bounds write bug in the V8 JavaScript engine)

#News #Security #CyberSecurity #Tech #Google #Chrome #ZeroDay

https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/

Foxit PDF Reader Users Targeted by Malicious PDF Exploit

Date: May 15, 2024
CVE: CVE-2023-36033
Vulnerability Type: Remote Code Execution (RCE)
CWE: [[CWE-20]], [[CWE-78]], [[CWE-94]]
Sources: GBHackers, Checkpoint Research

Issue Summary

Researchers have identified a critical vulnerability in Foxit PDF Reader that allows attackers to execute malicious code on users' systems by exploiting a design flaw in the application's security warnings. The flaw makes it easy for attackers to trick users into approving malicious actions, leading to unauthorized access and data theft.

Technical Key Findings

The vulnerability stems from Foxit Reader's handling of security warnings, which default to an "OK" option. This flaw enables attackers to craft malicious PDFs that, when opened, prompt the user to approve actions unknowingly. Once approved, these actions can download and execute malicious code from a remote server, bypassing standard security detections.

Vulnerable Products

• Foxit Reader

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive data, remote control of the affected device, and the ability to deploy various malware such as VenomRAT, Agent-Tesla, and others. This can result in data breaches, espionage, and further propagation of malware.

Patches or Workarounds

Foxit has acknowledged the issue and that it would be resolved in version 2024 3.

Tags

#FoxitPDF #CVE2023-36033 #RemoteCodeExecution #Malware #CyberSecurity #APT #VulnerabilityPatch #DataBreach

Apple walks back CVE-2024-27804, claims it’s non-exploitable & offers security researcher paltry $1,000 bounty https://www.idownloadblog.com/2024/05/15/apple-walks-back-cve-2024-27804-claims-its-non-exploitable-offers-security-researcher-paltry-1000-bounty

Ya boy @screaminggoat staying on top of JetBrains--and their lack of security advisories. On 03 May 2024, JetBrains announced a new TeamCity version (see parent toot above). Today, those unidentified security fixes were assigned CVEs:

• CVE-2024-35300 (CVSSv3: 3.5 low) In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
• CVE-2024-35301 (5.5 medium) In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
• CVE-2024-35302 (5.4 medium) In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

cc: @campuscodi

#CVE_2024_35300 #CVE_2024_35301 #CVE_2024_35302 #CVE #TeamCity

Hot off the press! CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

• CVE-2024-4761 (pending score) Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
• CVE-2021-40655 (7.5 high) D-Link DIR-605 Router Information Disclosure Vulnerability
• CVE-2014-100005 (CVSS*v2* 6.8 medium) D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability

Link is future-proofed so it should work when it becomes available

cc: @hrbrmstr @campuscodi

#eitw #zeroday #vulnerability #cve #activeexploitation #kev #knownexploitedvulnerabilitiescatalog #cisa #dlink #chrome #CVE_2024_4761 #CVE_2021_40655 #CVE_2014_100005

Hot off the press! CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

• CVE-2024-4761 (pending score) Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
• CVE-2021-40655 (7.5 high) D-Link DIR-605 Router Information Disclosure Vulnerability
• CVE-2014-100005 (CVSS*v2* 6.8 medium) D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability

Link is future-proofed so it should work when it becomes available

cc: @hrbrmstr @campuscodi

#eitw #zeroday #vulnerability #cve #activeexploitation #kev #knownexploitedvulnerabilitiescatalog #cisa #dlink #chrome #CVE_2024_4761 #CVE_2021_40655 #CVE_2014_100005

One more reason to not use Chrome!

Google fixes third actively exploited Chrome zero-day in a week

Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.

"Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday.

The high-severity zero-day vulnerability (CVE-2024-4947) is caused by a type confusion weakness in the Chrome V8 JavaScript engine reported by Kaspersky's Vasily Berdnikov and Boris Larin.

Although such flaws generally enable threat actors to trigger browser crashes by reading or writing memory out of buffer bounds, they can also exploit them for arbitrary code execution on targeted devices.

The other two actively exploited Chrome zero-days patched this week are CVE-2024-4671 (a use-after-free flaw in the Visuals component) and CVE-2024-4761 (an out-of-bounds write bug in the V8 JavaScript engine)

#News #Security #CyberSecurity #Tech #Google #Chrome #ZeroDay

https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/

Update your #VMwareFusion and #VMwareWorkstation ASAP: Multiple vulnerabilities in the bluetooth support allow malicious VM guests to gain code execution on the host system and/or read the hypervisor memory. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 #VMware #vulnerability #infosec #cybersecurity #CVE_2024_22267 #CVE_2024_22268 #CVE_2024_22269 #CVE_2024_22270

Update your #VMwareFusion and #VMwareWorkstation ASAP: Multiple vulnerabilities in the bluetooth support allow malicious VM guests to gain code execution on the host system and/or read the hypervisor memory. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 #VMware #vulnerability #infosec #cybersecurity #CVE_2024_22267 #CVE_2024_22268 #CVE_2024_22269 #CVE_2024_22270

Update your #VMwareFusion and #VMwareWorkstation ASAP: Multiple vulnerabilities in the bluetooth support allow malicious VM guests to gain code execution on the host system and/or read the hypervisor memory. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 #VMware #vulnerability #infosec #cybersecurity #CVE_2024_22267 #CVE_2024_22268 #CVE_2024_22269 #CVE_2024_22270

Update your #VMwareFusion and #VMwareWorkstation ASAP: Multiple vulnerabilities in the bluetooth support allow malicious VM guests to gain code execution on the host system and/or read the hypervisor memory. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 #VMware #vulnerability #infosec #cybersecurity #CVE_2024_22267 #CVE_2024_22268 #CVE_2024_22269 #CVE_2024_22270