Google on Tuesday said it’s piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against “some” Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech […]
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s Jonathan Li and Jasika Bawa said. “If […]
Google Chrome has released its stable channel update version 20.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows. However, Google stated that this new security update will roll out in the upcoming days/weeks. The extended stable channel has also been updated to 120.0.6099.234 for Mac and 120.0.6099.225 for Windows. Document Run Free ThreatScan on […]
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes […]
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of […]
In-depth Analysis: Navigating the Perils of CVE-2023-5218 in Google Chrome The digital realm, while offering boundless possibilities, is also a fertile ground for myriad cybersecurity threats. One such peril that has recently come to light is the User-After-Free vulnerability in Google Chrome, specifically identified as CVE-2023-5218. This vulnerability not only poses a significant threat to […]
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of […]
Google has designated a brand new CVE number for a major security vulnerability that has been discovered in the libwebp image library, which is used for displaying pictures in the WebP format. This flaw has been found to be exploited in the wild by malicious users. A major vulnerability that existed in Google Chrome for […]
Cybercriminals are using malicious Chrome extensions to steal Facebook login information in a recent operation. The reports shared by Malwarebytes Labs also stated that sponsored posts and accounts impersonating Meta/Facebook’s Ads Manager have become more prevalent. With a focus on Facebook advertising accounts, threat actors like DuckTail, which have been active for a while, have […]
The most widely used web browser in the world, Google Chrome, has been found to have a critical zero-day vulnerability that has been actively exploited in the wild. Confirming the severity of the danger, Google rapidly sent fixes to desktop versions of the Chrome browser on Tuesday in order to close the security vulnerability discovered […]
The previous week, Google put out an emergency security fix for its browser, and today, the company rolled out another emergency security update to address a vulnerability that is being exploited in the wild.The update is now available for desktop versions of Google Chrome as well as the Android version of Chrome. Users are encouraged […]
Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and […]
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of […]
A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. “By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid […]
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. “These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,” AhnLab Security Emergency response Center (ASEC) said […]
Researchers from the cyber security firm Imperva Red Team have disclosed information on a newly found and fixed vulnerability that affected over 2.5 billion Google Chrome users as well as all Chromium-based browsers such as Edge and Opera. The vulnerability, which is identified as CVE-2022-3656, makes it possible for remote attackers to acquire sensitive user […]
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on […]
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. “Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary […]
Google sent out emergency patches for its Chrome web browser on Thursday to fix a security hole that the company says is being used in the wild.Google called the high-risk bug a GPU heap buffer overflow and gave it the number CVE-2022-4135. On November 22, 2022, Clement Lecigne of Google’s Threat Analysis Group is said […]
In order to steal cryptocurrency and clipboard contents, ViperSoftX was detected by the security analysts at Avast, a Windows malware that is using a Google Chrome extension called VenomSoftX. A JavaScript-based RAT and crypto-hijacker are hidden within this Chrome extension which constantly attempts to steal the cryptocurrency and clipboard contents. Approximately 93,000 ViperSoftX infection attempts […]
Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that is intent on stealing the following information using malicious extensions:- Online accounts credentials Log keystrokes Inject ads Inject malicious JS code Enroll the victim’s browser in DDoS attacks This method is becoming increasingly attractive for malware developers to target web browsers […]