Tag: Chromium
-
Bulletins: Vulnerability Summary for the Week of March 10, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…
-
Hacker News: Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials
Source URL: https://cyberinsider.com/polymorphic-chrome-extensions-impersonate-password-managers-to-steal-credentials/ Source: Hacker News Title: Polymorphic Chrome Extensions Impersonate Password Managers to Steal Credentials Feedly Summary: Comments AI Summary and Description: Yes Summary: The emergence of polymorphic browser extensions presents a significant security threat, particularly to users relying on legitimate extensions for secure tasks. These malicious extensions cleverly impersonate existing ones, executing sophisticated…
-
Bulletins: Vulnerability Summary for the Week of February 17, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…
-
Hacker News: Setting up a trusted, self-signed SSL/TLS certificate authority in Linux
Source URL: https://previnder.com/tls-ca-linux/ Source: Hacker News Title: Setting up a trusted, self-signed SSL/TLS certificate authority in Linux Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides a detailed technical guide on generating self-signed TLS certificates using OpenSSL and creating a custom Certificate Authority (CA) for local use, particularly for testing purposes. It…
-
Bulletins: Vulnerability Summary for the Week of February 3, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041 Source: Bulletins Title: Vulnerability Summary for the Week of February 3, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects…
-
Bulletins: Vulnerability Summary for the Week of December 16, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…
-
Bulletins: Vulnerability Summary for the Week of January 20, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…
-
Bulletins: Vulnerability Summary for the Week of December 2, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…
-
Cloud Blog: (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/ Source: Cloud Blog Title: (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments Feedly Summary: Written by: Thibault Van Geluwe de Berlaere Executive Summary Browser isolation is a security technology where web browsing activity is separated from the user’s local device by running the browser in a secure environment,…
-
The Register: macOS HM Surf vuln might already be under exploit by major malware family
Source URL: https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/ Source: The Register Title: macOS HM Surf vuln might already be under exploit by major malware family Feedly Summary: Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.… AI Summary…