[Nulled] » Information security » Google's product, which is widely in demand among hackers from the point of view of exploitation
January 26 2023

Google's product, which is widely in demand among hackers from the

Google's product, which is widely in demand among hackers from the point of view of exploitation - Chrome, has received regular updates.

Six security holes were fixed in Chrome 109, including four that were reported to Google by external researchers, for which they received $ 25,000.

Two of them are serious post—release usage errors affecting WebTransport and WebRTC components, the discovery of which is attributed to researchers Cheech Kim and Cassidy Kim, who earned a total of $19,000.

Vulnerabilities were assigned CVE-2023-0471 and CVE-2023-0472, respectively.

Errors of this type in Chrome can be used to RCE and exit the sandbox, but in many cases they should be combined with other bugs.

The released Chrome patch also solves the problem of medium severity CVE-2023-0473 related to the confusion in ServiceWorker AP, which was reported by the KunLun laboratory.

Another error after release (CVE-2023-0474) of a similar level affects GuestView.

The full list of changes in the released assembly can be viewed in the log.

None of these vulnerabilities, according to Google's sworn assurances, were used in real conditions.

But despite the transparency policy, the company itself has repeatedly admitted that this "does not mean that exploitation did not occur."

Last year, the tech giant admitted that attackers are using more and more vulnerabilities in Chrome, which has become a whole trend.

However, the statistics do not correspond to it a bit: the number of Chrome Zero-Day vulnerabilities reached 14 in 2021, compared with 8 in 2020 and 2 in 2019, and in 2022 it decreased to 8.

But this is no longer about the foreign sector, but rather to the question of the best business practices for reputation management.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 26 January 2023 14:35
  • Publication category(s): Information security
  • Number of views of the publication: 180
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
Google has announced the

Google has announced the release of Chrome 109 in a stable channel with fixes for 17 vulnerabilities, including 14

Read more
16 January 2023
Information security
An equally impressive

An equally impressive update was released by Google as part of the January patch for Android.

Read more
17 January 2023
Open Source
chromium-web-store

chromium-web-store Browser extension for google chromium (and similar forks)

Read more
16 January 2023
Information security
The first January ICS

The first January ICS fixes came up with a dozen security recommendations from Siemens and Schneider Electric,

Read more
16 January 2023
Information security
Juniper Networks has

Juniper Networks has released the first security recommendations in 2023, which cover more than 230

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +6 Total articles 6751
  • +16 Comments 4237
  • +27 Users : 6074