Tag: browser
-
Von 6 Millionen Nutzern installiert: Diese Chrome-Erweiterung sammelt laut Experten heimlich deine ChatGPT-Daten
First seen on t3n.de Jump to article: t3n.de/news/6-millionen-nutzer-installiert-chrome-erweiterung-sammelt-heimlich-chatgpt-daten-1721943/
-
Von 6 Millionen Nutzern installiert: Diese Chrome-Erweiterung sammelt laut Experten heimlich deine ChatGPT-Daten
First seen on t3n.de Jump to article: t3n.de/news/6-millionen-nutzer-installiert-chrome-erweiterung-sammelt-heimlich-chatgpt-daten-1721943/
-
Mozilla Corporation installs Firefox driver in CEO reboot
Anthony Enzor-DeMeo picked to replace interim boss Laura Chambers First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/mozilla_corporation_new_ceo/
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
GhostPoster Malware Hit 50K Users via Firefox Extension Icons
The GhostPoster campaign hid malware inside Firefox extension icons, infecting tens of thousands of users through trusted add-ons. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ghostposter-malware-hit-50k-users-via-firefox-extension-icons/
-
Google Chrome Extension is Intercepting Millions of Users’ AI Chats
A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-chrome-extension-is-intercepting-millions-of-users-ai-chats/
-
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud.The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no…
-
Chrome Security Update Fixes Remote Code Execution Flaws
Tags: browser, chrome, cyber, flaw, google, linux, remote-code-execution, update, vulnerability, windowsGoogle has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.”‹ Critical Vulnerabilities Patched The update fixes two significant security flaws reported by external security researchers. The first…
-
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/
-
Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs
A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the age of generative AI. Researchers using the Wings agentic”‘AI risk engine uncovered that Urban VPN…
-
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity.The extension in question is Urban VPN Proxy, which has a 4.7 rating…
-
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale.A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then…
-
BSI prüft Chrome, 1Password und Co.: Was du über die Sicherheit von Passwortmanagern wissen musst
First seen on t3n.de Jump to article: t3n.de/news/bsi-prueft-chrome-1password-und-co-1721006/
-
CISA Alerts on Actively Exploited Google Chromium Zero-Day Flaw
Tags: access, browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Google Chrome that is being actively exploited in the wild. The flaw, tracked asCVE-2025-14174, poses a significant risk to millions of users across multiple web browsers. Vulnerability Details Security researchers discovered an out-of-bounds memory access vulnerability within…
-
Google fixed a new actively exploited Chrome zero-day
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. >>Google is aware that an exploit for 466192044 exists in the wild,
-
Chrome Targeted by Active InWild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted to keep information about the CVE identifier,…
-
Google Releases Critical Chrome Security Update to Address Three Zero-Days
Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-chrome-security-update/
-
Chrome Targeted by Active InWild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted to keep information about the CVE identifier,…
-
Google fixes eighth Chrome zero-day exploited in attacks in 2025
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-eighth-chrome-zero-day-exploited-in-attacks-in-2025/
-
Google warnt: Angriffe auf Chrome-Nutzer über mysteriöse Sicherheitslücke
Ein Notfallupdate für den Webbrowser Chrome schließt mehrere gefährliche Sicherheitslücken. Mindestens eine davon wird bereits ausgenutzt. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-vor-sicherheitsluecke-chrome-nutzer-werden-attackiert-2512-203129.html
-
2025 Year of Browser Bugs Recap:
Tags: access, ai, api, attack, authentication, awareness, browser, cctv, chrome, cloud, communications, computer, credentials, crypto, cyber, data, data-breach, detection, edr, email, endpoint, exploit, flaw, gartner, google, guide, identity, injection, leak, login, malicious, malware, network, openai, passkey, password, phishing, ransom, ransomware, risk, saas, service, threat, tool, update, vulnerability, windows, xss, zero-dayAt the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months of Bugs tradition in the 2000s, YOBB was started with a similar purpose”Š”, “Što drive awareness and discussion around key security gaps and…
-
Google Chrome’s New AI Security Aims to Stop Hackers Cold
Google is also backing these measures with a $20,000 bounty for researchers who can demonstrate successful breaches of the new security boundaries. The post Google Chrome’s New AI Security Aims to Stop Hackers Cold appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-ai-security/
-
KI soll die KI kontrollieren – Wie Google die Agenten im Chrome-Browser absichern will
Um die KI-Agenten in Chrome abzusichern, will Google ein zweites KI-Modell in den Browser einbauen, das die autonomen Handlungen überwacht. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/ki-soll-die-ki-kontrollieren-wie-google-die-agenten-im-chrome-browser-absichern-will.95378
-
Gemini for Chrome gets a second AI agent to watch over it
Google’s two-model defense: To address these risks, Google’s solution splits the work between two AI models. The main Gemini model reads web content and decides what actions to take. The user alignment critic sees only metadata about proposed actions, not the web content that might contain malicious instructions.”This component is architected to see only metadata…
-
Google Confirms Rising ‘Account Takeovers’”, Users Told to Check Chrome Settings
Google warns Chrome users of rising “account takeovers” and urges stronger authentication to keep accounts and synced data safe. The post Google Confirms Rising ‘Account Takeovers’”, Users Told to Check Chrome Settings appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-account-takeover/
-
Google Confirms Rising ‘Account Takeovers’”, Users Told to Check Chrome Settings
Google warns Chrome users of rising “account takeovers” and urges stronger authentication to keep accounts and synced data safe. The post Google Confirms Rising ‘Account Takeovers’”, Users Told to Check Chrome Settings appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-account-takeover/