High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
On Jan 16 2024, Atlassian released an advisory for a template injection vulnerability in Confluence Data Center and Server that can allow an unauthenticated attacker to remotely execute malicious code on affected versions. This vulnerability is rated with a severity level of 10.0 (Critical).
What is the Vendor Solution?
Atlassian strongly recommends applying the latest available version, as listed in their advisory.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature “Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution” in place for CVE-2023-22527. FortiGuard is seeing active exploitation attempts against this vulnerability.
It was discovered that ImageMagick incorrectly handled certain values when
processing BMP files. An attacker could exploit this to cause a denial of
service.