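OK, I haven't upgraded yet, but there is a reason for that.
If, like me, you are still using chromedriver but also care about the security of your main browser, you can switch to Chromium.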
. . . * . * ☄️. * . * . 🔆 .* . * . 🧶 * . * . . .
Source: The Hacker News
Original article: https://thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html
. . . * . * ☄️. * . * . 🔫 .* . * . 🧶 * . * . . .
Original text
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild.
Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.
Use-after-free bugs, which arise when a program references a memory location after it has been deallocated, can lead to any number of consequences, ranging from a crash to arbitrary code execution.
"Google is aware that an exploit for CVE-2024-4671 exists in the wild," the company said in a terse advisory without revealing additional specifics of how the flaw is being weaponized in real-world attacks or the identity of the threat actors behind them.
(Translator's note: from the context, "the company" here is Google itself.)
Solution
Update Chrome to the latest version, as the fix for this vulnerability is complete.
Users are recommended to upgrade to Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux to mitigate potential threats.
Windows users can update to version 124.0.6367.201/.202 or later.
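A version check built on the fixed builds quoted above, added here as an example and not taken from the original post or from Google. The inventory lines are constructed, and applying the same threshold to Chromium builds is an assumption.

```python
import re

# Fixed builds per platform, as quoted in the advisory text above.
FIXED = {
    "windows": (124, 0, 6367, 201),
    "macos": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull the four-part build number out of `--version` style output,
    e.g. 'Google Chrome 124.0.6367.155' or 'Chromium 124.0.6367.60 snap'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(platform, version_output):
    """Return 'patched', 'needs-update' or 'unknown' for one inventory entry."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_output)
    if fixed is None or version is None:
        return "unknown"  # unparseable output must not pass as patched
    # Compare as integer tuples: compared as strings, '124.0.6367.91'
    # sorts after '124.0.6367.201' and would be reported as patched.
    return "patched" if version >= fixed else "needs-update"

# Constructed sample inventory: (host, platform, version command output).
# Assumption: Chromium builds are judged by the same build number.
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 124.0.6367.202"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.91"),
    ("mac-01", "macos", "Google Chrome 124.0.6367.201"),
    ("ci-01", "linux", "Chromium 123.0.6312.122 snap"),
    ("ci-02", "linux", "Google Chrome 125.0.6422.60"),
    ("kiosk-01", "linux", "chrome: command not found"),
]

def audit(inventory):
    """Map each host to its patch status."""
    return {host: status(plat, out) for host, plat, out in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts that run a browser pinned for chromedriver compatibility are the ones most likely to come back as `needs-update`, so include them in the inventory.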
Originally published on the WeChat official account 重生之成为赛博女保安: "Another Chrome 0-day exploited in the wild; browser upgrade needed"