Google Rolls Out Emergency Fix to Address Vulnerabilities
Google has rolled out an emergency Chrome security update to address vulnerabilities and protect users' devices. In a security advisory, the search giant stated, "Google is aware that an exploit for CVE-2023-2033 exists in the wild." The update is designed for the desktop version of the Chrome web browser. Users can apply the security update to their Chrome installations.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed." (Google)
The high-severity flaw is tracked as CVE-2022-4135. Clement Lecigne of Google's Threat Analysis Group identified the flaw as a heap buffer overflow in GPU.
The Overflow and The Remedy
Usually, a heap buffer overflow refers to an accidental overflow of data that has consequences such as unexpected behavior by processes that access the affected memory area. It may also lead to data corruption.
With the new update, Chrome will include various fixes like fuzzing, internal audits, etc.
By leveraging a heap buffer overflow, attackers tend to overwrite an application's memory and attempt to manipulate its path of execution. This may in turn result in arbitrary code execution or unrestricted information access.
Usually, sophisticated hackers exploit these flaws to carry out highly targeted attacks.
To prevent this abuse, Google has advised Chrome users to upgrade to version 107.0.5304.121/122 (Windows) or 107.0.5304.122 (Linux and Mac).
Users can update Chrome by heading to settings and clicking on "About Chrome." Then, they will need to wait for the download of the latest version to be completed. They can start using the updated version by restarting the program.
Google advises users to install the new version as soon as possible to save their devices from being unexpectedly hijacked.
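One way to check a fleet against the fixed builds named above, as an added example that is not part of the original article or Google's advisory. The host names, inventory format and sample version strings are constructed; versions are compared numerically because a plain string comparison would rank 107.0.5304.99 above 107.0.5304.121.

```python
import re

# Fixed builds named in the article, per platform (Windows lists .121/.122,
# so .121 is taken as the minimum there).
PATCHED = {
    "windows": (107, 0, 5304, 121),
    "linux": (107, 0, 5304, 122),
    "mac": (107, 0, 5304, 122),
}

# A four-part dotted version that is not part of a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Extract a four-part Chrome version from text such as `--version` output."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in match.groups())

def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build for the platform."""
    return parse_version(version_text) >= PATCHED[platform.lower()]

def audit(inventory):
    """Return (host, status) for every host that is outdated or could not be judged."""
    findings = []
    for host, platform, reported in inventory:
        try:
            if not is_patched(platform, reported):
                findings.append((host, "outdated"))
        except (ValueError, KeyError):
            # Unparseable output or unknown platform: flag it, never assume patched.
            findings.append((host, "unknown"))
    return findings

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 107.0.5304.121"),
    ("ws-02", "windows", "Google Chrome 107.0.5304.107"),
    ("lx-01", "linux", "Google Chrome 107.0.5304.121 "),
    ("mac-01", "mac", "Google Chrome 108.0.5359.71"),
    ("lx-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(host, status)
```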
The Western Digital Swindle
As Google rolls out the update, disk maker Western Digital has been vocal about a recent vulnerability it experienced. According to the company, some extortionists have started claiming to be the masterminds behind a ransomware infection at Western Digital.
According to the hijackers' claim, they have seized approximately 10 terabytes of internal data from WD. The miscreants declared that they have not been ejected from the company's systems yet, but they will leave and keep all the stolen data unrevealed if Western Digital pays them an 8-figure ransom.
They have also said that once they receive the ransom, they will share how they got access to the company's sensitive data.
The set of data includes employee and customer information, cryptographic key details, digitally signed certificates, and many other legit WD materials.
The attackers have also claimed to have stolen data from the company's SAP back-office instance, emails, and other cloud services.
The perpetrator claims that the pool of information stolen was not at all encrypted.
Initially, Western Digital was quiet about the attack, but the company declared it on the 2nd of April this year. According to WD, they identified the attack on March 26, and it has been under investigation since then. The thieves are now constantly threatening WD that if the company doesn't grant their request, they will publish the stolen data on a website of the Alphv ransomware gang.
The post Google Rolls Out Emergency Fix to Address Vulnerabilities appeared first on The Tech Report.