#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

WebAssembly | Breaking Cybersecurity News | The Hacker News

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

May 16, 2024 Browser Security / Vulnerability
Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier  CVE-2024-4947 , the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type confusion vulnerabilities  arise when a program attempts to access a resource with an incompatible type. It can have  serious impacts  as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the third zero-day that Google has patched within a week after  CVE-2024-4671  and  CVE-2024-4761 . As is typically the case, no additional details about the attacks are available and have been withheld to prevent further exploitation. "Google is aware that an exploit for CVE-2024-4947 exists in the wild," the company  said .
Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

Apr 08, 2024 Software Security / Cybersecurity
Google has announced support for what's called a  V8 Sandbox  in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 security technical lead Samuel Groß,  aims  to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has  described  V8 Sandbox as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine that's designed to mitigate common V8 vulnerabilities. The idea is to limit the impact of V8 vulnerabilities by restricting the code executed by V8 to a subset of the process' virtual address space ("the sandbox") and isolating it from the rest of the process. Shortcomings affecting V8 have accounted for a significant chunk of the zero-day vulnerabilities that Google has  addressed  between  2021  and  2023 , with as many as 16 security flaws discovered over the time period. "The sandbox assumes that an attacker can arbitrarily and conc
Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

Jul 26, 2022
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This uncovered a compromise of a theme file to inject malicious JavaScript code from a remote server -- hxxps://wm.bmwebm[.]org/auto.js -- that's loaded whenever the website's page is accessed. "Once decoded, the contents of auto.js immediately reveal the functionality of a cryptominer which starts mining when a visitor lands on the compromised site," Sucuri malware researcher Cesar Anjos  said . What's more, the deobfuscated auto.js code makes use of WebAssembly to run low-level binary code directly on the browser. WebAssembly , which is supported by all major browsers, is a  b
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

May 15, 2024Enterprise Security / Cloud Computing
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource
Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

May 29, 2018
Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as 'Blockchain 3.0,' that allows developers to build decentralized applications over blockchain infrastructure, just like Ethereum. Discovered by Chinese security researchers at Qihoo 360 —Yuki Chen of Vulcan team and Zhiniang Peng of Core security team—the vulnerability is a buffer out-of-bounds write issue which resides in the function used by nodes server to parse contracts. To achieve remote code execution on a targeted node, all an attacker needs to do is upload a maliciously crafted WASM file (a smart contract) written in WebAssembly to the server. As soon as the vulnerable process parser reads the WASM file, the malicious payload gets executed on the node, which could then al
WebAssembly — New Standard for Powerful and Faster Web Apps

WebAssembly — New Standard for Powerful and Faster Web Apps

Jun 23, 2015
Google, Apple, Microsoft , and Mozilla have joined hands to create code for use in the future web browsers that promises up to 20 times faster performance. Dubbed WebAssembly (or wasm for short), a project to create a new portable bytecode for the Web that will be more efficient for both desktop as well as mobile web browsers to parse than the complete source code of a Web page or an application. Bytecode is actually a machine-readable instruction set that is faster for web browsers to load than high-level languages. WebAssembly — A New File Format to Compile Code At the moment, browsers use JavaScript to interpret the code and allow functionality on websites such as dynamic content and forms. By default, JavaScript files are downloaded from the server and then compiled by the JavaScript engine in the web browser. However, improvements have been made to load times via Asm.js — the stripped-down JavaScript dialect described as an "assembly language for
Cybersecurity
Expert Insights
Cybersecurity Resources