Tag: browser
-
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs.”It logs keystrokes, dumps cookies and session tokens, captures screenshots, and First seen…
-
Quelloffener EClient – Thunderbird 149 und ein Update für 140.9 ESR verfügbar
Beim Browser Firefox 149 gibt es diesen Monat eine große Neuigkeit, der E-Mail-Client Thunderbird 149 geht es da gemächlicher an. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/quelloffener-e-mai-client-thunderbird-149-und-ein-update-fuer-140-9-esr-verfuegbar.96680
-
Mozilla Releases Firefox”¯149.0 With Free Built”‘In VPN Offering 50″¯GB Monthly Data
Mozilla released Firefox 149.0 to the Release channel, bringing a significant set of privacy and security enhancements to the browser. The standout feature of this update is the integration of a free, built-in VPN designed to protect users on public networks and secure sensitive browsing activities. The new built-in VPN routes web traffic through a…
-
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/experts-prompt-poaching-browser/
-
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/experts-prompt-poaching-browser/
-
50 GB Datenvolumen inklusive – Kostenloser VPN ab sofort direkt in Firefox 149 verfügbar
Mit Firefox 149 zieht ein kostenloser VPN-Dienst von Mozilla in den Browser ein ohne extra Installation und mit 50 GB/Monat Datenvolumen. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/50-gb-datenvolumen-inklusive-kostenloser-vpn-ab-sofort-direkt-in-firefox-149-verfuegbar.96674
-
Firefox now has a free built-in VPN with 50GB monthly data limit
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/firefox-now-has-a-free-built-in-vpn-with-50gb-monthly-data-limit/
-
Firefox now has a free built-in VPN with 50GB monthly data limit
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/firefox-now-has-a-free-built-in-vpn-with-50gb-monthly-data-limit/
-
Chrome Security Update Fixes 8 Vulnerabilities That Could Enable Remote Code Execution
Google has released a crucial security update for its Chrome browser, addressing eight high-severity vulnerabilities. Users are strongly advised to update their browsers immediately to protect their systems from potential remote code execution attacks. The stable channel update rolls out versions 146.0.7680.164 and 146.0.7680.165 for Windows and Mac users, while Linux users will receive version…
-
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Malware with many tricks: VoidStealer is part of a broader shift in how infostealers are evolving post-ABE. The malware already supports multiple bypass techniques, falling back to older injection-based methods if needed, but clearly prioritizing stealth where possible.Krejsa also warned of its development pace. Since first appearing in December 2025, the malware has evolved quickly…
-
VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation
A new variant of the MaaS infostealer VoidStealer has become the first malware observed in the wild to weaponize a debugger”‘based bypass for Google Chrome’s Application”‘Bound Encryption (ABE), using hardware breakpoints to steal Chrome’s v20_master_key directly from browser memory. Unlike previous ABE bypasses, this method requires neither SYSTEM”‘level privilege escalation nor code injection into the…
-
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/
-
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution
Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. This substantial patch cycle is actively rolling out…
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
Crypto Scam ShieldGuard Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crypto-scam-shieldguard-dismantled/
-
Firefox is getting a free built-in VPN
Mozilla is adding a free built-in VPN to Firefox, with the feature arriving in Firefox 149 on March 24. Privacy concerns often follow free VPN services, especially when … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/mozilla-firefox-free-built-in-vpn/
-
CISA Alerts Users to Exploited Chrome 0-Day Flaws
Tags: browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, malicious, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicious actors. As a result, CISA has added both security issues to its Known Exploited Vulnerabilities (KEV) catalog,…
-
âš¡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling.This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a…
-
Aktiv ausgenutzte Sicherheitslücken entdeckt: Dieses Update für Google Chrome musst du jetzt installieren
First seen on t3n.de Jump to article: t3n.de/news/google-chrome-aktiv-ausgenutzte-sicherheitsluecke-update-1733831/
-
U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google released security updates to address two high-severity vulnerabilities,…
-
Critical Chrome Security Flaws Threaten Billions of Users Worldwide
Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update. The post Critical Chrome Security Flaws Threaten Billions of Users Worldwide appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-zero-day-vulnerabilities-exploited-update/
-
Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild
Google patched two Chrome zero-day vulnerabilities actively exploited in the wild that could allow code execution or browser crashes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-two-chrome-zero-day-vulnerabilities-actively-exploited-in-the-wild/
-
Google patches two Chrome zero-days under active attack. Update now
Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-patches-two-chrome-zero-days-under-active-attack-update-now/
-
Google rushes Chrome update fixing two zero-days already under attack
Skia graphics lib and V8 JavaScript engine brings browser’s tally of actively exploited bugs to three in 2026 First seen on theregister.com Jump to article: www.theregister.com/2026/03/13/google_zeroday_chrome_update/
-
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. >>Google is aware that exploits for…
-
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.The list of vulnerabilities is as follows -CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory…
-
Ein falscher Klick genügt: Chrome-Nutzer werden attackiert
Zwei gefährliche Sicherheitslücken in Google Chrome werden aktiv ausgenutzt. Ein einfacher Webseitenbesuch reicht, um Schadcode einzuschleusen. First seen on golem.de Jump to article: www.golem.de/news/ein-falscher-klick-genuegt-chrome-nutzer-werden-attackiert-2603-206442.html
-
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/
-
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code
Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious…