Latest news with #BenoîtSevens
Daily Mirror
03-06-2025
- Business
- Daily Mirror
Everyone who uses Chrome urged to quit their browser and restart it immediately
All Chrome user should check their settings without delay and make sure they are running the very latest version. If your chosen web browser happens to be Google's Chrome application, you are advised to restart it without delay. The US technology giant has just confirmed the release of an update that fixes a bug found within this popular internet searching software. That might not sound all that important, but this latest release is urgent and has been given the dreaded "zero-day" rating. For those not up to speed with the latest tech jargon, a zero-day threat means hackers are aware of it and are actively exploiting it in the wild. " Google is aware that an exploit for CVE-2025-5419 exists in the wild," Google said in an update posted on its security pages. It's now vital that you head to the settings and make sure things are fully up to date. If not, you'll need to relaunch the browsers without delay. If you own a Mac or Windows PC, the Chrome version you should be running is 137.0.7151.68/.69. "The Stable channel has been updated to 137.0.7151.68/.69 for Windows, Mac and 137.0.7151.68 for Linux which will roll out over the coming days/weeks," Google added. According to Google's latest update, the CVE-2025-5419 issue is caused by "out of bounds read and write in V8". It was reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group. As long as you restart your browser, you won't be affected, so now is a good time to check and make sure everything is up to date.
Yahoo
08-04-2025
- Yahoo
Google fixes two Android zero-day bugs actively exploited by hackers
On Monday, Google released an update for Android that fixes two zero-day flaws that 'may be under limited, targeted exploitation,' as the company put it. That means Google is aware that hackers have been and may still be using the bugs to compromise Android devices in real-world scenarios. One of the two now-fixed zero-days, tracked as CVE-2024-53197, was identified by Amnesty International in collaboration with Benoît Sevens of Google's Threat Analysis Group, the tech giant's security team that tracks government-backed cyberattacks. In February, Amnesty said it had found that Cellebrite, a company that sells devices to law enforcement for unlocking and forensically analyzing phones, was taking advantage of a chain of three zero-day vulnerabilities to hack into Android phones. Do you have more information about Android zero-days? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop. In this case, Amnesty found the vulnerabilities, including the one patched on Monday, being used against a Serbian student activist by local authorities armed with Cellebrite. There isn't a lot of information, however, on the second vulnerability, CVE-2024-53150, patched on Monday, other than the fact that its discovery was also credited to Google's Sevens and that the flaw was found in the kernel, the core of an operating system. Google did not immediately respond to a request for comment. Amnesty spokesperson Hajira Maryam said the non-profit did not have anything to share at this point. The tech giant said in its advisory that 'the most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed," and that, "user interaction is not needed for exploitation.' Google said that it would push source code patches for the two fixed zero-days within 48 hours of the advisory, while also noting that Android partners are "notified of all issues at least a month before publication.' Given Android's open source nature, every phone manufacturer now has to push patches out to their own users. This story was updated to include Amnesty's response. Sign in to access your portfolio
