Kinetic Potential Blog

The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.

The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and the nature of the flaw under wraps.

However, a GitHub commit for the Chromium bug ID has revealed that the issue resides in Google's open-source Almost Native Graphics Layer Engine (ANGLE) library, with the commit message stating "Metal: Don't use pixelsDepthPitch to size buffers. pixelsDepthPitch is based on GL_UNPACK_IMAGE_HEIGHT, which can be smaller than the image height."

Google recently addressed a Gemini Enterprise vulnerability that could have been exploited by threat actors to obtain potentially sensitive corporate data, according to AI security firm Noma Security.

Dubbed GeminiJack, the attack method did not require any user interaction. Sending a specially crafted document, calendar invite, or email was enough to exploit the flaw, which Noma described as “an architectural weakness in the way enterprise AI systems interpret information”.

Gemini Enterprise is an agentic platform designed to enable large organizations to automate complex, multi-step business workflows across their entire technology stack.

GeminiJack leveraged the fact that Gemini Enterprise has access to various Google services used by an organization, including Gmail, Docs, Calendar, and other Workspace components.