Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that is intent on stealing the following information using malicious extensions:- Online accounts credentials Log keystrokes Inject ads Inject malicious JS code Enroll the victim’s browser in DDoS attacks This method is becoming increasingly attractive for malware developers to target web browsers […]
An ongoing, widespread Chromeloader malware campaign has been warned by Microsoft and VMware. It has been identified that this malicious campaign is dropping node-WebKit malware and ransomware, as well as dangerous browser extensions. ChromeLoader was observed in the wild for the first time in January 2022 for Windows users and in March 2022 for Mac […]
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for […]
New variants of ChromeLoader, a malware that steals information from websites, have been discovered by security researchers at Palo Alto Networks Unit 42, demonstrating how quickly the malware is evolving its features over time. Malware such as ChromeLoader hijacks victims’ browser searches to display advertisements and hacks their browser search engine results. In January 2022, […]
Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims’ browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR […]
In many cases, security vulnerabilities appear that affect the programs that we use on a day-to-day basis. A clear example is the browser. It may have vulnerabilities and that can allow a hacker to break in and steal passwords or personal information. That is what is happening now with Google Chrome and you should update […]
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to […]
Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint, […]
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could “allow an attacker to execute arbitrary code in the context of […]
Google is preparing to promote Chrome 102 to take its place after releasing Chrome 101 just over a month ago. The new Chrome release is chock-full of developer-oriented features, which isn’t necessarily negative. Instead, it means that online programs and applications will only get more powerful in the next few years. More web app improvements, […]
A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a “pervasive and persistent browser hijacker that modifies its victims’ browser settings and redirects user traffic to advertisement websites,” Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome […]
Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug […]
Google’s Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again “reflective of the regime’s immediate concerns and priorities,” are said to have targeted U.S. […]
Google has issued an update for Chrome users on Windows, Linux and macOS operating systems in order to address a zero-day vulnerability that could have been actively exploited by malicious hackers, in addition to addressing other severe vulnerabilities affecting all versions of the popular browser. While the company reserved technical details about the vulnerabilities due […]
Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that’s being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, […]
In an ongoing campaign, the threat actors are distributing Magniber ransomware as an update through modern web browsers. Cybersecurity researchers at ASEC have closely monitored Magniber and reported that to deploy this ransomware the operators behind it are actively exploiting the Internet Explorer (IE) vulnerabilities for the last couple of years. But, now apart from […]
Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. Tracked as CVE-2021-4102, the flaw relates to a use-after-free bug in the V8 JavaScript and […]
Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield, and NoxPlayer, to lure users into downloading an undocumented, malicious Google Chrome extension and a […]
A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well […]
The prime target of this malware campaign is unsuspecting users on Windows 10. Rapid7 Managed Detection and Response team has shared details of their newly identified malware campaign, urging unsuspecting Windows users to remain cautious. This campaign is designed to steal sensitive data and cryptocurrency from infected PCs. In the latest campaign, the attackers install […]
AllBlock was available on Google Chrome’s Web Store where it is marketed as a potent Ad Blocker focusing on Facebook and YouTube to prevent pop-ups. Google has maintained that it takes the security of Chrome extensions very seriously and regularly vets them to prevent exploitation. However, the new report from Imperva reveals that maybe Google […]