14 Apr 2021

Google Patches More Under-Attack Chrome Zero-days

Google has moved to patch more Chrome zero-days that are actively under attack as it seems as though Google’s problems with in-the-wild Chrome zero-days are multiplying rapidly. The vulnerabilities patched affect Windows, macOS, and Linux users, pertaining to CVE-2021-21206 and CVE-2021-21220. Google did not provide any other details on the

Read More
18 Dec 2020

3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons

Avast Threat Intelligence has identified malware hidden in twenty-eight popular Google Chrome and Microsoft Edge extensions. The extensions are all used for social media sites such as Facebook, Instagram, and Vimeo. Security researchers advise users to uninstall the extensions, which boast 3 million downloads in total. The most popular extensions

Read More
07 Dec 2020

High-Severity Chrome Bugs Allow Browser Hacks

Google has issued an update for its Chrome web browser, fixing several vulnerabilities that could allow a threat actor to conduct computer compromise through a browser hack. The bug affects desktop versions of the browser, and the update fixed a total of eight bugs present within the current version with

Read More
12 Nov 2020

Google patches two more Chrome zero-days

In its latest set of updates, Google released two patches for Chrome zero-day vulnerabilities being exploited in the wild. Over the past three weeks, Google has patched a total of five zero-day flaws in Chrome. The bugs affect Chrome version 86.0.4240.198, and it is recommended that the updates be implemented

Read More
25 Aug 2020

Google Fixes High-Severity Chrome Browser Code Execution Bug

Google Chrome users will receive a patch later this week that fixes a severe vulnerability that can be manipulated by attackers to execute arbitrary code. The flaw lied in the Chrome 85 stable channel, however, has since been fixed by the company. The flaw is a bug in the WebGL

Read More
11 Aug 2020

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

A new vulnerability discovered by researchers allows attackers to bypass Content Security Policy protections and steal data from website visitors. The vulnerability lies in Google’s Chromium-based browsers versions 73 through 83 and has since been patched by Chrome in version 84, which was released in July. Through leveraging the vulnerability,

Read More
20 Apr 2020

GitHub Shares Details on Six Chrome Vulnerabilities

GitHub has released new information on six vulnerabilities that were uncovered by one of its security researchers. The vulnerabilities are in the WebAudio component of Chrome. The vulnerabilities were reported to Google by GitHub Security Lab in February and March. The security researcher identified several Chrome sandbox escape vulnerabilities, and

Read More
25 Mar 2020

Apple blocks third-party cookies in Safari

Apple released Safari 13.1 yesterday, which included new updates to Safari’s Intelligence Tracking Prevention (ITP) privacy feature. The most major shift was that Apple products will now block all third-party cookies while in Safari by default. Apple’s latest move means that online advertisers and analytics firms will not be able

Read More
27 Feb 2020

A Small Change To Google Chrome Hits Cybercrime Marketplace Hard

Google recently introduced a seemingly subtle change in the newest version of its Chome web browser, version 80. The feature makes the credentials that users save in Chrome’s password manager more secure, and it has already generated a large impact on the underground criminal enterprise. The Genesis Store has operated

Read More
17 Feb 2020

500 Malicious Chrome Extensions Impact Millions of Users

Duo Security released an analysis on Thursday claiming that over 500 malicious Chrome extensions were secretly collecting browser data and redirecting users to websites containing malware. Researchers at Duo Security stated that the extensions have since been removed from Google’s Chrome Web Store, but that they were previously downloaded millions

Read More