10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome

Cisco Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.

Attackers could exploit these vulnerabilities to carry out a variety of attacks, in some cases gaining the ability to execute code remotely on the targeted machine.

Four of the vulnerabilities included in today’s Vulnerability Roundup that affect the Accusoft ImageGear development toolkit have a CVSS severity score of 9.8 out of a possible 10.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org. Our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Use-after-free vulnerability in Google Chrome web browser

TALOS-2023-1751 (CVE-2023-3421) is a use-after-free vulnerability that affects the Google Chrome web browser. An attacker could exploit this vulnerability by tricking the target into visiting a specially crafted HTML web page.

The vulnerability arises when an adversary manipulates a specific function in Chrome to cause an out-of-bounds heap memory access, which could lead to a heap use-after-free or heap overflow.

Multiple vulnerabilities in Accusoft ImageGear

Talos researchers recently discovered eight vulnerabilities in Accusoft ImageGear, a document-imaging developer toolkit that allows users to convert, edit and create images.

Three of the vulnerabilities — TALOS-2023-1802 (CVE-2023-32653), TALOS-2023-1830 (CVE-2023-39453) and