It’s the last week of the year everyone, and while there aren’t any major security releases to get out over the holidays, here are some of the more notable articles for the week.

A new Google Chrome exploit is sweeping the web where websites can force a system’s disk usage to 100%. Fossbytes details a tech support scam website that will falsely warn a user that their system is infected. Fortunately, this can be remediated by simply ending the Chrome task, but hopefully we will expect a Google Chrome update to fix this soon.

Our favorite security researcher, SandboxEscaper, has released her fourth proof of concept for the year and the second for the month on a Microsoft Windows zero-day vulnerability. BleepingComputer details the PoC where pci.sys gets overwritten, which ultimately bricks the operating system. This exploit appears to be hard to reproduce, but security researchers have confirmed the vulnerability. Following Microsoft’s response to the two previous vulnerabilities, we should expect a patch on the upcoming Patch Tuesday.

Third-Party Updates

Although there were no security releases for the week, we did have the usual list of non-security releases. These might not have any CVEs assigned to them, but they might contain important performance and stability improvements:

Software Title

Ivanti ID

Ivanti KB

GoodSync 10.9.21.6

GOODSYNC-107

QGS109216

Opera 57.0.3098.110

OPERA-196

QOP5703098110

Microsoft Power BI Desktop 2.65.5313.841

PBID-047

QBI2655313841

Notepad++ 7.6.2

NPPP-087

QNPPP762

KeePass Classic 1.37

KEEP-029

QKPC137

7-Zip 18.06

7ZIP-012

Q7ZIP1806