High-Severity Vulnerabilities Patched in Zoom, Chrome 

Zoom Apps security updates resolve six vulnerabilities and Chrome 131 stable is rolling out with 12 security fixes.

Zoom and Chrome security updates released on Tuesday patch over a dozen vulnerabilities affecting users across desktop platforms.

Zoom announced fixes for six security defects, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information.

The first bug, tracked as CVE-2024-45421 (CVSS score of 8.5), is described as a buffer overflow issue that requires authentication for successful exploitation.

The second flaw, tracked as CVE-2024-45419 (CVSS score of 8.1), is an improper input validation issue that can be exploited over the network, without authentication.

Both vulnerabilities impact Zoom Workplace App, Rooms Client, Rooms Controller, Video SDK, and Meeting SDK prior to version 6.2.0 across desktop and mobile platforms, and Workplace VDI Client for Windows before version 6.1.12 (except 6.0.14).

Two other bugs, both medium severity, are described as improper input validation and uncontrolled resource consumption issues that could be exploited to cause denial-of-service (DoS) conditions.

The remaining two flaws, also medium severity, affect the installer for some Zoom apps for macOS before version 6.1.5 and could lead to privilege escalation or information disclosure.

Users are advised to update their installations as soon as possible. Additional information can be found on Zoom’s security bulletins page.

On Tuesday, Google announced the promotion of Chrome 131 to the stable channel with patches for 12 vulnerabilities, including eight reported by external researchers.

The most severe of the externally reported flaws is a high-severity inappropriate implementation bug in Blink, tracked as CVE-2024-11110, which was reported last month.

The latest browser update also resolves six medium-severity issues, including inappropriate implementations in Autofill, Views, and Paint, use-after-free bugs in Media and Accessibility, and an insufficient policy enforcement flaw in Navigation. A low-severity inappropriate implementation in FileSystem was also resolved.

Google says it paid a $1,000 reward for the inappropriate implementation in Autofill, but has not disclosed the bug bounty rewards to be handed out for the other seven security defects.

The latest Chrome iteration is now rolling out as versions 131.0.6778.69/.70 for Windows and macOS, and as version 131.0.6778.69 for Linux.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
