The Virtual Pub

Come Inside... => The Computer Room => Topic started by: Steve on February 06, 2021, 02:30:19 PM

Title: Chrome security bug
Post by: Steve on February 06, 2021, 02:30:19 PM

Chrome's been showing an Update link since Thursday.   Seems it would be a very good idea to do it.
 
'Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser.

In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are apparently already abusing:'

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/   (other sources are available)

Title: Re: Chrome security bug
Post by: Barman on February 06, 2021, 03:24:01 PM

Quote from: Steve on February 06, 2021, 02:30:19 PM

Chrome's been showing an Update link since Thursday.   Seems it would be a very good idea to do it.
 
'Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser.

In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are apparently already abusing:'

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/   (other sources are available)

 Thumbs:

Title: Re: Chrome security bug
Post by: Nick on February 06, 2021, 03:24:54 PM

 rubschin:

Title: Re: Chrome security bug
Post by: Just One More on February 06, 2021, 04:01:57 PM

Quote from: Barman on February 06, 2021, 03:24:01 PM

Quote from: Steve on February 06, 2021, 02:30:19 PM

Chrome's been showing an Update link since Thursday.   Seems it would be a very good idea to do it.
 
'Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser.

In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are apparently already abusing:'

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/   (other sources are available)

 Thumbs:

Sorted, thanks  Thumbs: Thumbs:

Title: Re: Chrome security bug
Post by: Steve on February 06, 2021, 06:41:27 PM

Not a cheering read unless you own an Apple device https://www.technologyreview.com/2021/02/03/1017242/google-project-zero-day-flaw-security/amp/
 
“In the worst case, a couple of zero-days that I discovered were an issue of the vendor fixing something on one line of code and, on literally the next line of code, the exact same type of vulnerability was still present and they didn’t bother to fix it,”