Web browser: Another vulnerability actively exploited, Adobe PDF viewer updated
Google reports that another vulnerability is being exploited in the wild. The Edge updates also close a vulnerability in the Adobe PDF Viewer.
Last week, Google and Microsoft closed a vulnerability that was already being actively exploited in the Chrome web browser and the Edge browser derived from it. On Monday this week, Google added to the security warning: another vulnerability closed with the update is now also being attacked. Adobe also warns of a security vulnerability in the Adobe PDF Viewer of the Edge browser, which the updates close.
Anyone who has not yet made sure that their browsers are up to date should do so as soon as possible. Google has updated last week's release announcement and explained that it became known after publication that the vulnerability CVE-2024-7965 is also already being abused by attackers in the wild. It is an "inappropriate implementation in V8", the browser's JavaScript engine, and the risk is considered "high". It therefore also affects the Edge browser, which closed the vulnerability with last Friday's update.
Another vulnerability in Adobe PDF viewer closed
Another of the vulnerabilities closed with the Edge update concerns the external component "Adobe PDF Viewer", which could allow code injected from the network to be executed. According to Adobe, the cause is a possible write outside the intended memory areas, which can occur when viewing a manipulated file (CVE-2024-41879). In the CVE entry it has now published, Adobe rates the risk as "high" and arrives at a CVSS score of 7.8.
You can find out whether the update has already been installed by opening the version dialog. Click the icon with the three stacked dots to the right of the address bar; in Chrome, the dialog is under "Help" – "About Google Chrome", and in Edge under "Help and feedback" – "About Microsoft Edge". The version number for Edge should be at least 128.0.2739.42. Google Chrome closes the vulnerabilities in version 128.0.6613.84/.85 and newer.
The updates have been available since the middle and end of last week respectively. Anyone who has not yet installed them or is unsure should now do so quickly by calling up the version dialog as described.
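For administrators who have to check more than one machine, the following added example (not part of the original article) compares collected version strings against the minimum versions named above. The host names and inventory rows are constructed, and the assumption is that version strings have already been gathered, for instance from the "About" dialog or a software inventory.

```python
import re

# Minimum fixed versions as stated in the article.
MIN_FIXED = {
    "chrome": (128, 0, 6613, 84),
    "edge": (128, 0, 2739, 42),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from free text; return a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(browser, version_text):
    """True or False if the version can be judged, None if it cannot."""
    minimum = MIN_FIXED.get(browser.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return None
    # Tuples compare numerically per component, so build 6613.9 is correctly
    # older than 6613.84 (a plain string comparison would get this wrong).
    return version >= minimum


def audit(inventory):
    """Return the rows that are unpatched or could not be verified."""
    return [row for row in inventory if is_patched(row[1], row[2]) is not True]


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "Google Chrome 128.0.6613.84"),
    ("ws-02", "chrome", "Google Chrome 128.0.6613.9"),
    ("ws-03", "edge", "Microsoft Edge 128.0.2739.42"),
    ("ws-04", "edge", "127.0.2651.105"),
    ("ws-05", "chrome", "unknown"),
]

if __name__ == "__main__":
    for host, browser, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {browser} {version!r} needs attention")
```

Rows whose version cannot be parsed are reported alongside outdated ones, so an unreadable entry is never silently counted as patched.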
(dmk)