Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers

Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code.
It’s time to update Google Chrome, Mozilla’s Firefox or Thunderbird, Microsoft Edge, the Brave browser or Tor Browser; web development news site StackDiary has reported a zero-day vulnerability in all six browsers that could allow threat actors to execute malicious code.
Users of the affected browsers should update to the most up-to-date version in order to ensure the zero-day vulnerability is patched on their machines. The problem isn’t with the browsers — the vulnerability originates in the WebP Codec, StackDiary discovered.
Other affected applications include:
Apps built on Electron may also be affected; Electron released a patch.
Many applications use the WebP codec and libwebp library to render WebP images, StackDiary noted.
In more detail, a heap buffer overflow in WebP allowed attackers to perform an out-of-bounds memory write, NIST said. A heap buffer overflow allows attackers to insert malicious code by “overflowing” the amount of data in a program, StackDiary explained. Since this particular heap buffer overflow targets the codec (essentially a translator that lets a computer render WebP images), the attacker could create an image in which malicious code is embedded. From there, they could steal data or infect the computer with malware.
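The class of bug described above, shown as an added example that is not code from libwebp, StackDiary or the original article: a decoder that trusts a length field inside the image, next to a version that validates it. The toy image format, the function names and the sample bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format, NOT WebP: in[0]=width, in[1]=height,
 * in[2..3]=little-endian payload length, then the payload bytes. */
#define HEADER_LEN 4u

/* Vulnerable pattern: the buffer is sized from one header field, the copy
 * length comes from another, and nothing compares the two. */
uint8_t *decode_unchecked(const uint8_t *in, size_t in_len) {
    if (in_len < HEADER_LEN) return NULL;
    size_t capacity = (size_t)in[0] * in[1];
    size_t declared = (size_t)in[2] | ((size_t)in[3] << 8);
    uint8_t *pixels = calloc(capacity ? capacity : 1, 1);
    if (!pixels) return NULL;
    memcpy(pixels, in + HEADER_LEN, declared); /* out-of-bounds write if declared > capacity */
    return pixels;
}

/* Hardened: every length taken from the file is validated before use. */
uint8_t *decode_checked(const uint8_t *in, size_t in_len) {
    if (in_len < HEADER_LEN) return NULL;
    size_t capacity = (size_t)in[0] * in[1];         /* at most 255*255 */
    size_t declared = (size_t)in[2] | ((size_t)in[3] << 8);
    if (capacity == 0) return NULL;
    if (declared > in_len - HEADER_LEN) return NULL; /* would read past the input */
    if (declared > capacity) return NULL;            /* would write past the heap buffer */
    uint8_t *pixels = calloc(capacity, 1);
    if (!pixels) return NULL;
    memcpy(pixels, in + HEADER_LEN, declared);
    return pixels;
}

/* Constructed samples: a 2x2 image with 4 payload bytes, and a 2x2 header
 * that declares 8 payload bytes for a 4-byte pixel buffer. */
static const uint8_t GOOD[] = {2, 2, 4, 0, 10, 20, 30, 40};
static const uint8_t BAD[]  = {2, 2, 8, 0, 1, 2, 3, 4, 5, 6, 7, 8};

int main(void) {
    uint8_t *ok = decode_checked(GOOD, sizeof GOOD);
    uint8_t *rejected = decode_checked(BAD, sizeof BAD);
    int result = (ok != NULL && ok[3] == 40 && rejected == NULL) ? 0 : 1;
    free(ok);
    free(rejected);
    return result;
}
```

Building the unchecked variant with a memory-error detector such as AddressSanitizer (`-fsanitize=address`) makes this kind of write fail loudly during testing or fuzzing instead of silently corrupting the heap.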
The vulnerability was first detected by the Apple Security Engineering and Architecture team and The Citizen Lab at The University of Toronto on September 6, StackDiary said.
Google, Mozilla, Brave, Microsoft and Tor have released security patches for this vulnerability. Individuals running those apps should update to the latest version. In the case of other applications, this is an ongoing vulnerability for which patches may not exist; NIST noted that the vulnerability has not yet received full analysis.
NIST classified the vulnerability as severe and recommends users stop using applications for which a patch is not yet available. Check your application individually as needed.