Chromium Advisory: Critical RCE Threat Requires Immediate Action
Sep 13, 2024
•
Brittany Day
2 - 3 min read
Hello Linux users,
A recent Chromium vulnerability impacting Chrome versions before 128.0.6613.119 allows remote attackers to gain control of a victim's machine by running arbitrary code that executes on their behalf, steal sensitive information, install malware or ransomware, and even obtain unauthorized entry to systems. As a regular Chrome user, to say that these repercussions have me alarmed is an understatement!
Find out more about this severe remote code execution flaw and the impact it could have on your systems! I'll explain:
- This recent Chromium bug and its impact.
- How to determine if you are affected.
- How to update Chrome to mitigate your risk.
Read on to learn about another significant flaw in the Linux kernel that could lead to data theft and service disruption, among other severe consequences.
If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!
Stay safe out there,
ChromiumThe DiscoveryA new remote code execution (RCE) Chromium vulnerability impacting Chrome versions before 128.0.6613.119 has been discovered. This bug allows remote attackers to gain control of a victim's machine by running arbitrary code that executes on their behalf. |
Linux KernelThe DiscoveryA new security bug, CVE-2024-43856, has been found in the Linux kernel's dmam_free_coherent() function. Direct Memory Access (DMA) is an integral feature that enables hardware devices to move data directly between system memory and hardware devices without going through the CPU. However, if this process becomes compromised—as with this recent flaw—it could lead to incorrect memory access, data corruption, unexpected behavior, or system crashes. |
PREVIOUS
NEXT
