CVE-2023-4863: Heap buffer overflow in WebP (Chrome)

Link: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Discussion: https://news.ycombinator.com/item?id=37478403

#chrome

Google a corrigé la quatrième faille zero-day de Chrome de l’année 2023 ! https://www.it-connect.fr/google-chrome-zero-day-cve-2023-4863/ #Vulnérabilité #Logiciel-OS #Sécurité #Chrome #Google #Web

La nouvelle fonctionnalité #PrivacySandbox du navigateur #Chrome de #Google vous met en danger. Changez de navigateur, vite ! https://blog.byl.fr/chrome-vous-traque-chrome-vous-met-en-danger

#Google vous suit nativement dans #Chrome et informe les sites tiers qui en font la demande de votre intérêt pour les sites LGBTQ. Ce faisant, Google vous met en danger. Vous n'êtes PAS en sécurité avec Chrome. Changez de navigateur.

SecurityWeek: Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters https://www.securityweek.com/google-patches-chrome-zero-day-reported-by-apple-spyware-hunters/ #Vulnerabilities #exploited #Featured #Zero-Day #spyware #Chrome

Jetzt patchen! Attacken auf kritische Schadcode-Lücke in Chrome naheliegend

Google warnt vor Exploitcode für eine Schwachstelle in Chrome. Eine abgesicherte Version des Webbrowsers ist verfügbar.

https://www.heise.de/news/Jetzt-patchen-Attacken-auf-kritische-Schadcode-Luecke-in-Chrome-naheliegend-9301825.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#Chrome #Security #Sicherheitslücken #Exploit #news

「 #Google 、悪用された #Chrome の重大な #脆弱性 への #パッチ 適用を急ぐ - 今すぐ更新」： The Hacker News

「
Sep 12, 2023THNBrowser Security / Zero Day
Chromeの脆弱性

Googleは月曜日、Chrome Webブラウザの重大なセキュリティ上の欠陥に対処するため、アウトオブバンドのセキュリティパッチを公開し、この脆弱性が悪用されていると発表した。

この問題はCVE-2023-4863 として追跡されており 、 WebP 画像形式 に存在する ヒープ バッファ オーバーフロー のケースとして説明されており 、これにより任意のコードの実行やクラッシュが発生する可能性があります。 」

https://thehackernews.com/2023/09/google-rushes-to-patch-critical-chrome.html

#prattohome #TheHackerNews

Chrome feiert 15. Geburtstag mit neuem Look und umstrittenem Cookie-Ersatz
https://www.derstandard.at/story/3000000186324/chrome-feiert-15-geburtstag-mit-neuem-look-und-umstrittenem-cookie-ersatz #Webbrowser #Browser #Chrome

New Version: #Google #Chrome 116.0.5845.188 (stable;x86) #Chromium https://www.google.com/chrome

A thin candy shell of surveillance #chrome #browsers

SecurityOnline: CVE-2023-4863: New Chrome 0-day Bug Under Active Attacks https://securityonline.info/cve-2023-4863-new-chrome-0-day-bug-under-active-attacks/ #Vulnerability #CVE-2023-4863 #chrome #0day

SecurityAffairs: GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023 https://securityaffairs.com/150657/hacking/google-fixed-the-fourth-chrome-zero-day-of-2023.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #SecurityAffairs #CVE-2023-4863 #BreakingNews #SecurityNews #hackingnews #Security #Hacking #zeroDay #Chrome

Google fixes another #Chrome zero-day bug exploited in attacks ⚠️

https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/

Google Chrome launches built-in user tracking for advertisers - Chrome’s Privacy Sandbox tracks users’ behavior within the browse... - https://cointelegraph.com/news/google-chrome-launches-built-in-user-tracking-advertisers #advertising #privacy #chrome #google #data #ads

With all the negative privacy rumblings about Chrome and how wonderful Firefox is, I thought I'd try Firefox as my default browser. As expected, it's not a simple switch trying to get 1Password 7 to work, and fixing all my automations. I'll keep slogging at it until I encounter a show-stopper. For scripting I rely on Chrome's single file page save a lot, which Firefox doesn't seem to have, although I've installed an extension.

#Google #Chrome #Firefox

Malwarebytes Labs
Password-stealing Chrome extension smuggled on to Web Store

Posted: September 5, 2023 by Mark Stockley

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3.

https://www.malwarebytes.com/blog/news/2023/09/password-stealing-chrome-extension-smuggled-on-to-web-store?utm_source=blueshift&utm_medium=email&utm_campaign=b2c_pro_oth_20230911_septemberweeklynewsletter_v2_169413600204&utm_content=chrome_extensions

#PasswordCollecting #BrowserExtensions #Chrome #malware

Nice quick update on the new more invasive ad settings on #chrome and how to opt out. I found it fast and easy to opt out and I urge you to do the same if you like me are still using that shiny shiny Chrome. https://theconversation.com/google-chrome-just-rolled-out-a-new-way-to-track-you-and-serve-ads-heres-what-you-need-to-know-213150 #privacy

@nosherwan so basically, Google asked its A.I. what privacy means and of course the A.I. was hallucinating.
#privacy
#google
#chrome
#browser

I realize I'm late to the party, but I just dumped #Chrome in favor of #Firefox. I'm not generally anti-tracker, but lately Chrome feels like a bridge too far.

The idea, #Google hopes, is that #Topics will survive privacy legislation that bans "compiling a dossier" style #adtech #tracking

They are piloting it now to see if it works. Because of Google's dominance over the browser ecosystem with #Chrome and over online advertising generally, they're the only entity in a position to do something like this.

/9