🔥 Unpatched Zero-Days Dropped Publicly & Chrome's Sandbox Shattered in a Single Bug
Two critical threats landed today that every organization using Chrome or open-source dev tools needs to know about immediately — one involves unpatched zero-days dropped into the open with no warning, the other punches through Chrome's security sandbox with a single flaw.
🗂️ Anonymous Hacker Publishes Unpatched Zero-Days — No Vendor Warning
An anonymous researcher going by "bikini" just dropped a GitHub repository called "exploitarium" containing working exploit write-ups for two unpatched vulnerabilities — without telling the software makers first. That's a big deal because it means attackers can use these exploits right now, with no fixes available.
The two flaws are a remote code execution bug in libssh2 (a widely used SSH library) and an authentication bypass in Gitea, a popular self-hosted Git platform. In plain English: an attacker could potentially take over servers running these tools without needing a password. If your team uses Gitea for code hosting or any software that relies on libssh2, you should treat this as urgent. Until patches are released, watch your SSH and Git service logs closely for anything unusual.
🌐 One Chrome Bug to Rule Them All: Longinus (CVE-2026-6307)
Researchers disclosed a Chrome vulnerability called "Longinus" that's scary for a specific reason: most browser exploits require chaining several bugs together to escape the browser's security sandbox. This one does it with a single flaw.
The bug lives in Chrome's JavaScript engine (V8) and allows an attacker to achieve full remote code execution — meaning they could run malicious software on your computer just by getting you to visit a booby-trapped webpage. Chrome's sandbox is supposed to prevent exactly this kind of attack, but Longinus bypasses both the renderer sandbox and a secondary protection layer in one shot. The good news: a patch is available in Chrome version 106.0.5249.119. Update your Chrome browser right now if you haven't already — this is exactly the kind of vulnerability attackers rush to exploit before people patch.
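To act on the update advice across more than one machine, the following added example (not code from the original post) audits reported Chrome version strings against the fixed build named above. The hostnames and the sample inventory are constructed for illustration; strings that cannot be parsed are flagged for follow-up instead of being counted as safe.

```python
import re

# Fixed build as stated in the article above.
PATCHED = (106, 0, 5249, 119)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Extract a four-part version tuple from free-form text, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    version = parse_version(reported)
    if version is None:
        return "unknown"  # needs manual follow-up; never assume safe
    # Tuples compare numerically per component, so .62 sorts below .119
    # (a plain string comparison would get this wrong).
    return "patched" if version >= PATCHED else "vulnerable"

def audit(inventory):
    """Group hostnames by status; input is {hostname: reported version string}."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        result[classify(reported)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "wks-01": "Google Chrome 106.0.5249.119",
    "wks-02": "Google Chrome 106.0.5249.62",
    "wks-03": "105.0.5195.127",
    "wks-04": "Google Chrome 107.0.5304.68 beta",
    "wks-05": "not installed",
    "wks-06": "Chromium 106.0.5249",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```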
Threats like these are moving faster than ever. Stay ahead of them with GOCO Security at gocosecurity.com.