Tracked as CVE-2021-21193, the use-after-free memory bug is the third Chrome flaw to be discovered in recent weeks for which there’s been an exploit circulating online.
Google has patched the flaw alongside five bugs overall, including two further highly-rated vulnerabilities tracked as CVE-2021-21191 and CVE-2021-21192. The first of these is another use-after-free flaw in the WebRTC component, used for audio streaming, while the second is a heap buffer overflow vulnerability present in tab groups.
An XSS flaw in the Elementor WordPress plugin, actively installed on more than 7 million websites, may have allowed unauthorised users to access the Elementor editor to take control of targeted sites.
Meanwhile, researchers with PatchStack identified a remote code execution vulnerability in another WordPress plugin known as WP Super Cache, which is used to cache pages of a WordPress site. This vulnerability could have been exploited by hackers to upload and execute malicious code on a targeted site in order to seize control.
Cisco has identified and patched a highly-rated vulnerability in a handful of its small business router products.
This remote code execution and denial-of-service (DoS) vulnerability, tracked as CVE-2021-1287, was found in the web-based management interface for Cisco RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. Remote hackers could have exploited the flaw to execute code on an affected device or cause it to restart unexpectedly.
Before the patch, the management interface did not properly validate user input. An attacker may have exploited this by sending crafted HTTP requests to an affected device, with successful attacks allowing them to execute code as the root user on the operating system, or cause the device to reload. This would lead to the router being locked in a DoS state.