**Software Firms Issue Critical Security Fixes Just in Time for the Holidays**
*Microsoft, Google, Atlassian, and Cisco Release Patches for Major Vulnerabilities*
As the holiday season approaches, the tech world is abuzz with news of major security vulnerabilities that are being exploited in real-world attacks. Software firms like Microsoft, Google, Atlassian, and Cisco have been hard at work issuing crucial fixes for these critical flaws to safeguard users’ data and privacy.
**Google Chrome Vulnerabilities**
Google made headlines with the release of seven security fixes for its popular Chrome browser. One of the patches was an emergency fix for an issue that was already being exploited in real-life attacks. Tracked as CVE-2023-6345, the flaw is an integer overflow issue in Skia, an open-source 2D graphics library. Google acknowledged the existence of an exploit for this vulnerability in the wild and issued a patch to address the issue.
While details about the specific fix were scarce at the time, it was reported by Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group, suggesting that the exploit could be related to spyware. Additionally, six other high-impact flaws were addressed in the latest release, including a type-confusion bug in Spellcheck and a use-after-free issue in libavif.
**Mozilla Firefox Fixes**
Meanwhile, Firefox, a popular alternative to Chrome, also released patches to address ten vulnerabilities, six of which were rated as high-impact. These included an out-of-bound memory access flaw in WebGL2 blitFramebuffer, a use-after-free issue in MessagePort, and a bug related to clickjacking permission prompts using the full-screen transition.
Two Memory safety bugs, both with a CVSS score of 8.8, in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 were also fixed in this release.
**Google Android Vulnerabilities**
Google’s Android Security Bulletin for November detailed multiple fixes, including eight in the Framework, six of which were elevation of privilege bugs. The tech giant also addressed seven issues in the System, with six rated as high severity and one marked as critical. The critical bug, known as CVE-2023-40113, could lead to local information disclosure with no additional execution privileges needed.
With these major firms working tirelessly to address critical security vulnerabilities, users can enjoy a safer and more secure online experience during the holiday season. It’s a reminder that even during festive times, the need for robust cybersecurity measures remains paramount.
