The vulnerability was found by security researcher Imre Rad, who disclosed his findings last week on the Full Disclosure mailing list. Rad found the vulnerability in Extensible Service Proxy (ESP), an open source, Nginx-based proxy that enables API management capabilities for JSON/REST or gRPC API services. Its features include authentication, monitoring and logging. ESP is…

The exploited vulnerabilities include CVE-2021-37975, a high-severity use-after-free bug in the V8 engine, and CVE-2021-37976, a medium-severity information leak issue in the core. Both were reported last week. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” the Internet search giant says. Now rolling out to Windows, Mac and Linux users…

Over 70% of the severe bugs identified last year in Chrome were memory safety issues, namely “mistakes with pointers in the C or C++ languages,” and Google decided to tackle the problem before it becomes even more serious. Of the potential solutions, the Internet search giant decided to focus on two, namely introducing runtime checks…

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure on Android 10 and 11. The…

Google’s collaboration and productivity solution was already encrypting data, both when at rest and in transit, but the new feature is meant to provide additional control and ease of mind over the security of data. In addition to increasing the confidentiality of data, the feature also helps customers meet sovereignty and compliance requirements, as it…

The U.K. competition watchdog has been investigating Google’s proposals to remove so-called third-party cookies over concerns they would undermine digital ad competition and entrench the company’s market power. To address the concerns, Google on Friday offered a set of commitments including giving the Competition and Markets Authority an oversight role as the company designs and…

Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux. The most severe of these is CVE-2021-30544, a critical use-after-free bug that impacts BFCache, a browser optimization meant to enable instant back and…