This Week in Security: Chrome 0-day, Cassandra, and a Cisco PoC

Running Chrome or a Chromium-based browser? Check for version 98.0.4758.102, and update if you’re not running that release or better. Quick tip: use chrome://restart to trigger an immediate restart of Chrome, just like the one that comes after an update. This is especially useful after installing an update on Linux using apt, dnf, or the like.


CVE-2022-0609 is the big vulnerability just patched, and Google has acknowledged that it’s being exploited in the wild. It’s a use-after-free bug, meaning that the application marks a section of memory as returned to the OS, but then accesses that now-invalid memory address. The time gap between freeing and erroneously re-using the memory allows malicious code to claim that memory as its own, and write something unexpected.


Google has learned their lesson about making too many details public too early, and this CVE and associated bug aren’t easily found in the Chromium project’s source, and there doesn’t seem to be an exploit published in the Chromium code testing suite.


Apache Cassandra


Cassandra is a popular distributed database built on the NoSQL paradigm. It’s vulnerable to CVE-2021-44521, a potentially nasty RCE with a CVSS score of 8.4. The saving grace here is that only a non-default configuration is vulnerable: three specific configuration flags have to be changed from their defaults. On the other hand, those flags all relate to Cassandra’s User Defined Functions (UDFs), something of a killer feature for the project. Those three flags are: enable_user_defined_functions and enable_scripted_user_defined_functions set to true, and enable_user_defined_functions_threads se ..
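
One way to audit a node for the configuration described above, as an added example that is not from the original article or the Cassandra project. It assumes the flags are top-level scalar keys in the text of cassandra.yaml; because the article's text is cut off before the third flag's value, the script only reports whether that key is set explicitly and leaves the value for review. The function names and sample files are constructed for illustration.

```python
import re

# Flag names as given in the article.
UDF_FLAGS = ("enable_user_defined_functions",
             "enable_scripted_user_defined_functions")
THREADS_FLAG = "enable_user_defined_functions_threads"
_KEY_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*)$")


def read_flags(yaml_text):
    """Return {key: value} for the three flags (top-level scalar keys only)."""
    wanted = set(UDF_FLAGS) | {THREADS_FLAG}
    found = {}
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        m = _KEY_RE.match(line)                # indented keys do not match
        if m and m.group(1) in wanted:
            found[m.group(1)] = m.group(2).strip().strip("'\"").lower()
    return found


def audit(yaml_text):
    """Classify a config: are both UDF flags on, and is the threads flag set?"""
    flags = read_flags(yaml_text)
    udf_on = all(flags.get(k) == "true" for k in UDF_FLAGS)
    if not udf_on:
        verdict = "udf-off"                  # precondition from the article not met
    elif THREADS_FLAG in flags:
        verdict = "review-threads-setting"   # explicitly set: check its value
    else:
        verdict = "udf-on-threads-default"   # third flag left at its default
    return {"flags": flags, "verdict": verdict}


# Constructed sample files, not taken from any real deployment.
SAMPLE_DEFAULT = """\
# enable_user_defined_functions: true   (commented out)
enable_user_defined_functions: false
enable_scripted_user_defined_functions: false
"""
SAMPLE_CHANGED = """\
enable_user_defined_functions: true
enable_scripted_user_defined_functions: TRUE  # turned on for analytics
enable_user_defined_functions_threads: false
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("changed", SAMPLE_CHANGED)):
        print(name, audit(text))
```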
