Lots of details that are beyond me.
Daily Archives: November 22, 2024
chromium-131.0.6778.85-1.el8
FEDORA-EPEL-2024-09b0f49aa6
Packages in this update:
chromium-131.0.6778.85-1.el8
Update description:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits
Microsoft has seized 240 websites associated with the “ONNX” phishing-as-a-service operation, and has sued the developer of this service.
chromium-131.0.6778.85-2.fc40
FEDORA-2024-292aa2c246
Packages in this update:
chromium-131.0.6778.85-2.fc40
Update description:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
chromium-131.0.6778.85-1.el9
FEDORA-EPEL-2024-7a7d342b23
Packages in this update:
chromium-131.0.6778.85-1.el9
Update description:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
chromium-131.0.6778.85-1.el10_0
FEDORA-EPEL-2024-63b3a88151
Packages in this update:
chromium-131.0.6778.85-1.el10_0
Update description:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
chromium-131.0.6778.85-2.fc41
FEDORA-2024-582d2a7648
Packages in this update:
chromium-131.0.6778.85-2.fc41
Update description:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
chromium-131.0.6778.85-1.fc39
FEDORA-2024-ecfbcfce86
Packages in this update:
chromium-131.0.6778.85-1.fc39
Update description:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
Russian Cyber Spies Target Organizations with HatVibe and CherrySpy Malware
Russian-aligned TAG-110 uses custom tools to spy on governments, human rights groups and educational institutions in Europe and Asia
The Scale of Geoblocking by Nation
Interesting analysis:
We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity about sanctions compliance are concrete steps the U.S. can take to ensure it does not undermine its own aims.
The paper: “Digital Discrimination of Users in Sanctioned States: The Case of the Cuba Embargo”:
Abstract: We present one of the first in-depth and systematic end-user centered investigations into the effects of sanctions on geoblocking, specifically in the case of Cuba. We conduct network measurements on the Tranco Top 10K domains and complement our findings with a small-scale user study with a questionnaire. We identify 546 domains subject to geoblocking across all layers of the network stack, ranging from DNS failures to HTTP(S) response pages with a variety of status codes. Through this work, we discover a lack of user-facing transparency; we find 88% of geoblocked domains do not serve informative notice of why they are blocked. Further, we highlight a lack of measurement-level transparency, even among HTTP(S) blockpage responses. Notably, we identify 32 instances of blockpage responses served with 200 OK status codes, despite not returning the requested content. Finally, we note the inefficacy of current improvement strategies and make recommendations to both service providers and policymakers to reduce Internet fragmentation.