The high-severity issue, tracked as CVE-2023-6345, is described as an integer overflow bug in Skia, the open source 2D graphics library that serves as the graphics engine in Chrome, Firefox, and other browsers. “Google is aware that an exploit for CVE-2023-6345 exists in the wild,” the internet giant notes in its advisory, without providing specific […]
Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client. A remote attacker can abuse this issue to submit or delete jobs without authentication. Furthermore, the attacker could retrieve sensitive information and execute arbitrary code, Bishop Fox says. “The vulnerability […]
Cybersecurity researchers have detailed a “severe design flaw” in Google Workspace’s domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. “Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized […]
Latest Comments