Google publishes exploit code for unfixed Chromium vulnerability

Google published proof-of-concept exploit code on Wednesday for a vulnerability in its Chromium browser that has gone unfixed for 29 months. The flaw affects Chrome, Microsoft Edge, and other Chromium-based browsers used by millions worldwide. It enables attackers to establish persistent connections for monitoring user activity and launching attacks.

The exploit targets the Browser Fetch programming interface, which handles background downloads of large files. Once activated, the exploit creates a service worker that can reopen connections even after the browser or device restarts. This setup allows a compromised device to join a limited botnet for proxying traffic or enabling denial-of-service attacks, without granting deeper system access.

