![]() ![]() These improvements to the encryption policy are intended to provide users with greater security and privacy when using the Edge browser. ECH replaces the previous enhanced SNI (ENSI) feature. ECH is an upgraded extension of TLS that helps protect Server Name Indication (SNI) as well. This version comes with a more secure encryption policy that uses TLS-encrypted Client Hello (ECH) to enhance privacy. ![]() Microsoft has released a new stable version of its Edge browser, version 1.42. The week before, on Thanksgiving Day, Google released another emergency Chrome update to resolve a zero-day vulnerability in the GPU component, tracked as CVE-2022-4135. This emergency Chrome update comes just days after Google released Chrome 108 with patches for 28 vulnerabilities, none of which were known to be exploited in attacks. Users are advised to update to a patched iteration as soon as possible. Patches for the vulnerability have been included in Chrome 1.94 for Mac and Linux, and in Chrome 1.94/.95 for Windows. In Chrome, this can lead to deliberate code flow deviations, allowing attackers to achieve remote code execution when untrusted code is served from a malicious page. Type confusion flaws arise when a block of memory is used by a different algorithm than the one it was intended for. The flaw could allow a remote attacker to exploit heap corruption via a crafted HTML page, according to a National Vulnerability Database advisory. The high-severity security bug, tracked as CVE-2022-4262, is a ‘type confusion’ in the browser's V8 JavaScript engine. The vulnerability was identified by a Google Threat Analysis Group security researcher, Clement Lecigne. This caused Microsoft to release the updated Microsoft Edge (Version 1.42) with a fix for this issue since Edge is based on same core Chromium source code. Google has confirmed that an exploit for the vulnerability exists in the wild. It’s a bit unbelievable that Google announced an emergency Chrome 108 update on Friday to patch yet another zero-day vulnerability in the browser - the ninth to be fixed this year. Since July, Google has been patching one Chrome zero-day per month.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |