fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Emergency Google Chrome Update Fixes Zero-days Used in Attacks

Emergency Google Chrome Update Fixes Zero-days Used in Attacks

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.

“Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” Google disclosed in the list of security fixes in today’s Google Chrome release.

While Google states that the new version may take some time to reach everyone, the update has already started rolling out Chrome 95.0.4638.69 to users worldwide in the Stable Desktop channel. 

Also Read: What is Social Engineering and How Does it Work?

To install the Chrome update immediately, go to Chrome menu Help About Google Chrome, and the browser will begin performing the update.

Chrome 95.0.4638.69 was installed immediately
Chrome 95.0.4638.69 was installed immediately

Google Chrome will also check for available updates and install them the next time you launch the web browser.

Zero-day attacks’ details not disclosed

This Chrome release fixes a total of seven vulnerabilities, with two being zero-days that are known to have been exploited in the wild.

The first zero-day, tracked as CVE-2021-38000, is described as an “Insufficient validation of untrusted input in Intents” and was assigned a High severity level. This vulnerability was discovered by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on September 15th, 2021.

The second zero-day, tracked as CVE-2021-38003, is a High severity “Inappropriate implementation” bug in the Chrome V8 JavaScript engine. This vulnerability was discovered by Lecigne as well and reported on October 24th.

At this time, Google or the researchers have not provided further details regarding how threat actors used the vulnerabilities in attacks. However, as Google discovered the vulnerabilities, we may learn more in future reports by Google TAG or Project Zero.

As these two vulnerabilities have been used in attacks, it is suggested that all Chrome users perform a manual upgrade or restart their browser to install the latest version.

Also Read: 4 Reasons Why You Need an Actively Scanning Antivirus Software

Fifteenth zero-day fixed this year

With these fixes, Google has patched 15 Chrome zero-day vulnerabilities since the beginning of 2021.

The other thirteen zero-days patched this year are listed below:

As Google is now pushing out Chrome updates to fix zero-days as they are reported, it is strongly advised that users do not block updates and install new versions as they become available.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us