PSA: a recently-fixed image parsing vulnerability in Chrome (and things that use Chrome, such as Electron apps) is being actively exploited in the wild. install your updates!
(nvd.nist.gov)
from cypherpunks@lemmy.ml to security@lemmy.ml on 15 Sep 2023 14:22
https://lemmy.ml/post/4958659
from cypherpunks@lemmy.ml to security@lemmy.ml on 15 Sep 2023 14:22
https://lemmy.ml/post/4958659
cross-posted from: lemmy.ml/post/4958656
Chrome was updated September 11
Matrix Element Desktop updated September 15, without a changelog or advisory. (The Element update on September 13 did not include the updated electron with the fix; today’s update does, according to their announcement on Matrix.)
Many/most electron apps don’t receive timely security updates, so if you don’t want arbitrary images to be able to get code execution you might want to stop using them.
#security
threaded - newest