Hello and welcome to the Thursday, April 20th, 2020,

23 edition of the Sansonet Stormer's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Augusta, Georgia.

Well, we got yet another already exploited vulnerability in Google Chrome that has been patched by Google.

Google will release the new version of Google Chrome that fixes a total of eight warnabilities.

One of these vulnerabilities, CVE 2023-2136, it's an integer overflow in the Skiya is already being exploited.

This particular vulnerability could allow a breakout from the Google Chrome sandbox.

I just want to reiterate that we probably should stop asking people to update Google Chrome.

There has been a lot of talk about fake update notices on different websites.

Typically, the only thing you really need to do in order to update Google Chrome is just

completely exit Google Chrome and restart it, which if you make that a daily habit, you

should be pretty safe. And Oracle

released its quarterly critical patch update. This one fixes 433 different vulnerabilities. Overall,

this is not unusual given the wide range of products being covered here, and this is only being released every quarter.

There are a couple of sort of noteworthy critical vulnerabilities in commerce, also communication application, and Golden Gate that can be exploited without authentication.

There are also a few sort of healthcare-related applications being affected by these

vulnerabilities.

Given all the focus sort of in recent years on attacks against healthcare, certainly

something that you should pay attention to.

And then a couple of updates from GitHub to make open source software a bit more secure, at least more transparent.

One thing is a GitHub option now that if you're building NPM packages will include provenance information.

What this means is it will include information about how the particular package was built,

...