Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.
Google has stomped out several serious code-execution flaws in its Chrome browser. To exploit the flaw, an attacker would merely need to convince a target to visit a specially crafted webpage via phishing or other social-engineering lures.
Overall, Google’s release of Chrome 85.0.4183.121 for Windows, Mac and Linux – which will roll out over the coming days – fixed 10 vulnerabilities. The successful exploitation of the most severe of these could allow an attacker to execute arbitrary code in the context of the browser, according to Google. Google Chrome versions prior to 85.0.4183.121 are affected.
“Depending on the privileges associated with the application, an attacker could view, change or delete data,” according to Google’s Tuesday security advisory. “If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”
vulnerabilities web security chrome 85.0.4183.121 chrome browser chromium cve-2020-15961 cve-2020-15962 cve-2020-15963 cve-2020-15965 fix google google chrome google flaw out of bounds read security updates stable channel release
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's Chrome 86: Critical Payments Bug, Password Checker Among Security Notables ... Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS ...
Admins should patch their Citrix ADC and Gateway installs immediately.
The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.
Cisco fixes high-security flaws with IP Cameras, Webex Teams, and Identity Services Engine let attackers execute remotely on an affected device. Along with this Cisco also fixes eleven medium-severity vulnerabilities in various Cisco devices.
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.