August has seen a flurry of patches released by technology giants like Microsoft, Google Chrome, and Firefox to fix serious vulnerabilities. These patches are crucial as some of the flaws are already being exploited in attacks. While there was no iPhone update from Apple, major fixes were released for enterprise software, including Ivanti, SAP, and Cisco. Microsoft's Patch Tuesday fixed numerous vulnerabilities, including ones being actively targeted. Google Chrome also issued updates, addressing high impact flaws in V8 and WebRTC. Firefox patched various vulnerabilities, some of which could lead to arbitrary code execution. Lastly, Google patched several critical vulnerabilities in its Android operating system, including RCE issues in System and Media Framework.
Google is introducing updates and a fresh look for Chrome on its 15th anniversary, including a redesigned interface, new theme options, improved icons, and a more integrated experience with computer settings, as well as enhanced safety features and a revamped Chrome Web Store.
Google is deprecating its standard Safe Browsing feature in Chrome and moving users to Enhanced Safe Browsing, which provides real-time phishing protection but raises privacy concerns.
Many popular web browsers including Google Chrome, Microsoft Edge, Firefox, and Brave have issued security updates to fix a critical vulnerability that could allow malicious code to be run on users' computers.
Apple has released emergency security updates to fix three new zero-day vulnerabilities that were exploited to target iPhone and Mac users, bringing the total number of zero-days fixed this year to 16. The vulnerabilities allowed attackers to bypass signature validation, execute arbitrary code, and escalate privileges. The impacted devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey and newer, and Apple Watch Series 4 and later. The zero-days were discovered and reported by security researchers at Citizen Lab and Google's Threat Analysis Group.
Google has resubmitted a disclosure of a critical code-execution vulnerability, originally thought to only affect the Chrome browser, revealing that thousands of apps and software frameworks are affected by the flaw.
Google has released emergency security updates to patch a zero-day vulnerability in Chrome that has been exploited in spyware attacks, with the vulnerability caused by a heap buffer overflow weakness in the VP8 encoding of the libvpx video codec library.
Google is releasing ChromeOS 117, bringing Material You design and several usability improvements to Chromebooks, including redesigned Quick Settings and a new notifications section with a privacy indicator.
Google has released an emergency patch for a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor, and the vulnerability has been linked to the zero-click iMessage exploit chain used to deploy the NSO Group's Pegasus spyware on compromised iPhones.
A critical zero-day vulnerability in Google Chrome and Mozilla Firefox exposes the internet to potential attacks, with the flaw affecting the widely-used libvpx code library for processing media files in the VP8 format.
