Google merilis kode eksploitasi untuk kerentanan Chromium yang belum diperbaiki

Indonesia

Google merilis kode eksploitasi proof-of-concept pada hari Rabu untuk kerentanan pada peramban Chromium miliknya yang belum diperbaiki selama 29 bulan. Celah tersebut memengaruhi Chrome, Microsoft Edge, dan peramban berbasis Chromium lainnya yang digunakan oleh jutaan orang di seluruh dunia. Celah ini memungkinkan penyerang untuk membuat koneksi persisten guna memantau aktivitas pengguna dan melancarkan serangan.

Eksploitasi tersebut menargetkan antarmuka pemrograman Browser Fetch yang menangani unduhan latar belakang untuk berkas berukuran besar. Setelah diaktifkan, eksploitasi ini membuat service worker yang dapat membuka kembali koneksi bahkan setelah peramban atau perangkat dimulai ulang. Pengaturan ini memungkinkan perangkat yang disusupi untuk bergabung ke botnet terbatas guna melakukan proxy lalu lintas atau mengaktifkan serangan penolakan layanan (denial-of-service) tanpa memberikan akses sistem yang lebih dalam.

Artikel Terkait

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
Gambar dihasilkan oleh AI

Linux CopyFail exploit threatens root access amid Ubuntu outage

Dilaporkan oleh AI Gambar dihasilkan oleh AI

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

Researchers uncover leaked API keys on nearly 10,000 websites

Researchers analyzing 10 million web pages have identified 1,748 active API credentials from 14 major providers exposed across nearly 10,000 websites, including those run by banks and healthcare providers. These leaks could enable attackers to access sensitive data or gain control over digital infrastructure. Nurullah Demir of Stanford University described the issue as very significant, affecting even major companies.

New dirty frag exploit grants root access on linux systems

Dilaporkan oleh AI

A security researcher has disclosed Dirty Frag, a new Linux kernel exploit that allows local users to gain root privileges. The flaw affects major distributions and remains unpatched on most systems despite earlier fixes for a similar issue.

Teknologi

OpenClaw patches severe vulnerability granting admin access

Teknologi

Security researchers breach macOS using Anthropic AI tool

Linux

US government issues urgent CopyFail warning as Linux patches roll out

New fragnesia linux kernel flaw disclosed

A new Linux local privilege escalation vulnerability known as Fragnesia has been made public. The flaw is described as similar to Dirty Frag and involves an ESP/XFRM logic bug.

FBI urges router security steps after Russian GRU attacks

Dilaporkan oleh AI

US federal agencies have disclosed that Russian military intelligence compromised thousands of small office and home routers, urging owners to take immediate protective measures.

22 Mei 2026 04.20

Nearly all firms admit shipping vulnerable AI-generated code

20 Mei 2026 10.09

Microsoft warns of password reset exploits by hackers

07 Mei 2026 00.48

Experts warn Microsoft Phone Link tool exploited by unknown threat

22 April 2026 09.46

Microsoft patches critical ASP.NET Core vulnerability on macOS and Linux

04 April 2026 14.25

Daniel Stenberg warns of risks in curl project

19 Maret 2026 04.05

Three high-risk AI vulnerabilities discovered in Claude.ai

18 Maret 2026 03.20

Infostealers Disguised as Claude Code, OpenClaw, and Other AI Tools

11 Maret 2026 14.00

Google report warns of shifting cloud threat landscape

09 Maret 2026 22.16

Anthropic finds 14 high-severity Firefox flaws using Claude AI

25 Februari 2026 15.18

New cybercrime platform 1Campaign aids malicious Google ads

Situs web ini menggunakan cookie

Kami menggunakan cookie untuk analisis guna meningkatkan situs kami. Baca kebijakan privasi kami untuk informasi lebih lanjut.
Tolak