Serious Vulnerability to be Found in Chrome

As reported, experts suggest that attackers collect information for future attacks
01 March 2019   765

An unpatched vulnerability discovered in Chrome that is currently used by attackers to monitor users and collect some data from them. They send out PDF files, which are not malicious in nature. But if the victim opens it in the Chrome embedded PDF reader, data on the user's IP address, versions of the system and browser will flow to a third-party server.

Experts suggest that attackers collect information for future attacks.

Chrome developers promise to release a patch in late April. In the meantime, information security experts recommend either opening PDF files in desktop readers, or turning off the Internet while viewing them in a browser.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   954

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.