Chromium – Experimental News Clipping Site

The Register: After Chrome patches zero-day used to target Russians, Firefox splats similar bug

Mar 28, 2025

—

by

Source URL: https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/ Source: The Register Title: After Chrome patches zero-day used to target Russians, Firefox splats similar bug Feedly Summary: Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability,…

Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

Mar 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

Bulletins: Vulnerability Summary for the Week of March 10, 2025

Mar 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

Hacker News: Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials

Mar 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cyberinsider.com/polymorphic-chrome-extensions-impersonate-password-managers-to-steal-credentials/ Source: Hacker News Title: Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials Feedly Summary: Comments AI Summary and Description: Yes Summary: The emergence of polymorphic browser extensions presents a significant security threat, particularly to users relying on legitimate extensions for secure tasks. These malicious extensions cleverly impersonate existing ones, executing sophisticated…

Bulletins: Vulnerability Summary for the Week of February 17, 2025

Feb 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…

Hacker News: Setting up a trusted, self-signed SSL/TLS certificate authority in Linux

Feb 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://previnder.com/tls-ca-linux/ Source: Hacker News Title: Setting up a trusted, self-signed SSL/TLS certificate authority in Linux Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides a detailed technical guide on generating self-signed TLS certificates using OpenSSL and creating a custom Certificate Authority (CA) for local use, particularly for testing purposes. It…

Bulletins: Vulnerability Summary for the Week of February 3, 2025

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041 Source: Bulletins Title: Vulnerability Summary for the Week of February 3, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects…

Bulletins: Vulnerability Summary for the Week of December 16, 2024

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…

Bulletins: Vulnerability Summary for the Week of January 20, 2025

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…

Bulletins: Vulnerability Summary for the Week of December 2, 2024

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…

Tag: Chromium