This is already the 12th zero-day vulnerability in Chrome fixed since the beginning of 2021.
Google has released an emergency patch for the Google Chrome web browser that fixes a zero-day vulnerability (CVE-2021-37973). The use-after-free vulnerability was discovered in Portals, a web navigation API that allows a page to render another page as an inset and “execute a smooth transition to a new state, where the previously inserted page becomes the top-level document.”
The issue was reported by Clément Lecigne of the Google Threat Analysis Group (TAG). Since early 2021, Google has addressed a total of 12 zero-day vulnerabilities in Chrome:
CVE-2021-21148 – Heap buffer overflow in V8;
CVE-2021-21166 – object lifecycle issue in audio;
CVE-2021-21193 – use after free in Blink;
CVE-2021-21206 – use after free in Blink;
CVE-2021-21220 – insufficient validation of untrusted input in V8 for x86_64;
CVE-2021-21224 – type confusion in V8;
CVE-2021-30551 – type confusion in V8;
CVE-2021-30554 – use after free in WebGL;
CVE-2021-30563 – type confusion in V8;
CVE-2021-30632 – out-of-bounds write in V8;
CVE-2021-30633 – use after free in Indexed DB API.
Chrome users are advised to update to the latest version (94.0.4606.61) for Windows, macOS and Linux.
Hackers hacked Europe’s largest missile manufacturer
Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.
The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.
The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc.) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.)”, the hackers wrote.
Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.
MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.
Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once
Samsung was the first company in the market to release the August security patch for its smartphones. Moreover, for three flagship lines at once: Galaxy S20, S21 and S22.
Today, owners of these smartphones in Germany began to receive updates, including a security patch. Usually, users from other countries do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it’s quite important.
Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.
Hacker withdrew about $6 million worth of ETH from decentralized streaming platform Audius
Audius (AUDIO) is an artist-run, community-owned music streaming platform that aims to enable anyone to freely distribute, monetize, and stream audio.
Audius aims to return money and power to artists by connecting them directly to listeners and removing record labels and middlemen from the equation.
If bitcoin can be called the digital analogue of gold, then, according to the developers, Audius aims to be the next Spotify or SoundCloud on the blockchain. “The cryptocurrency music app aims to decentralize and democratize the music industry and give artists back more money and control.”
An unknown attacker was able to change the configuration of the Audius governance smart contract and then created a malicious proposal to withdraw $6 million in AUDIO tokens.
The attacker changed the voting period for the proposal in the Audius smart contract, as well as the delay before the voting result is executed. The attacker then put the stolen cryptocurrency up for sale; however, due to market slippage, he was able to sell cryptocurrency worth $6 million for only $1.1 million in Ethereum.
According to the attacker’s address transfer history, the cryptocurrency received from the sale was “laundered” at 100 ETH per transaction through the Tornado Cash mixer.
Audius representatives confirmed the hack. The project developers claim that the functionality of the smart contract has been resumed after a detailed study. Whether Audius will compensate investors for losses remains unclear.