@hadtogajo

Privacy professionals

You Need to Update Your Browser, Like, Yesterday

Unless you updated your browser in the past few days, it likely contains a critical flaw.The recently disclosed vulnerability exists in the WebP code library known as libwebp, which encodes and decodes images in the widely used WebP format.Known generally as a "heap buffer overflow," the flaw can be exploited using a specially crafted malicious image, allowing an attacker to run malicious code on a targeted device.Google says the bug has already been exploited in the wild.
...
Initially identified early this week as a zero-day vulnerability in Google's Chrome browser, the libwebp bug impacts browsers built using Chromium, which means Chrome, Mozilla's Firefox, Microsoft Edge, Opera, Brave, and more.It also affects apps like Telegram, 1Password, Thunderbird, and Gimp.Patches for the flaw are rolling out now, so keep your eyes peeled for updates.
...
Several Israeli companies are developing exploits that take advantage of weaknesses in the technical mechanisms that bombard you with ads online, Haaretz reports, allowing attackers to track people and hack their devices.The exploit takes advantage of the online advertising bidding process, in which bots are competing for specific ad slots on web pages in real time.
[ post ]