VMware Aria RCE – eSecurity Planet

The management plane is under pressure.

Browsers patch critical flaws, a government contractor breach balloons past 25 million, virtualization layers face RCE risk, and identity-driven attacks bypass traditional defenses. 

From driver’s license leaks to vishing intrusions, trust boundaries are being tested across the stack.

Read past newsletters here.

Here’s what you need to know:

Chrome Fixes Trio of High-Severity Flaws

Google released a Chrome update patching three high-severity flaws in its Media component, WebGPU shader compiler (Tint), and DevTools. 

Two flaws involve out-of-bounds memory access, which can be used for RCE, while a DevTools implementation issue could enable cross-origin or privilege boundary bypasses.

There are no reports of exploitation in the wild at the time of publication.

Patch Chrome to the latest version, disable unnecessary features like WebGPU via enterprise policy, enforce least privilege, and monitor endpoint and network telemetry for anomalous…