Google fixes flaw, Citrix warns, Phemedrone steals

January 17, 2024

TLDR: Google has released a patch for a zero-day vulnerability in Chrome, while Citrix is advising customers to apply patches for two zero-day vulnerabilities in its products. In addition, a new strain of malware called Phemedrone Stealer is targeting web browsers. In other news, Ford has abandoned a controversial patent request to repossess vehicles of delinquent owners, and a Russian tech student may face charges of treason for allegedly assisting Ukrainian hackers.

Google has released a patch for a zero-day vulnerability in Chrome. The patch, which addresses CVE-2024-0519, is available for users in the Stable Desktop channel on Windows, Mac, and Linux systems. The update was released less than a week after the vulnerability was first reported. Bleeping Computer reported that the security update was already accessible, despite Google stating that the official rollout could take days or weeks.

Citrix is urging customers to promptly apply patches to address two zero-day vulnerabilities in its NetScaler ADC and Gateway appliances. The vulnerabilities, CVE-2023-6548 and CVE-2023-6549, pose risks of remote code execution and denial-of-service attacks. Citrix has clarified that Citrix-Managed Cloud Services and Citrix-Managed Adaptive Authentication are not affected.

A new strain of malware called Phemedrone Stealer is targeting web browsers. The malware exploits a vulnerability, CVE-2023-36025, that Microsoft patched in November 2023. Despite the patch, threat actors continue to exploit the vulnerability, which affects Microsoft Windows Defender SmartScreen. Microsoft has advised users to update to the latest patched version to protect against the malware.

Ford has abandoned a controversial patent request that would have allowed the company to repossess vehicles of delinquent owners. The patent, filed in February 2023, described measures such as locking the car, disabling steering, brakes, and AC, and playing sounds to disable a vehicle based on late payments. Ford stated that patent submissions are routine and not indicative of new business or product plans.

A Russian tech student may face charges of treason for allegedly assisting Ukrainian hackers in conducting cyber attacks against Russia. The student, identified as Seymour Israfilov, is accused of working for a Ukrainian hacker group that targeted local authorities and universities. If convicted, he could face up to 20 years in prison.

Nearly 200,000 SonicWall next-generation firewall devices are at risk due to two unauthenticated denial-of-service (DoS) vulnerabilities. The vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656, could be exploited to launch DoS and remote code execution attacks. So far, there have been no reports of exploitation.

VMware and Atlassian have disclosed critical vulnerabilities that administrators are urged to patch immediately. Atlassian's vulnerability, CVE-2023-22527, affects Confluence Data Center and Server 8 versions, while VMware's vulnerability, CVE-2023-34063, involves a missing access control problem in all versions of Aria Automation. Neither company has received reports of exploitation, but both recommend that users patch immediately.
