Tag: browser
-
Chrome UAF Process Vulnerabilities Actively Exploited
Security researchers have revealed that two critical use-after-free (UAF) vulnerabilities in Google Chrome’s Browser process were actively exploited in the wild, exposing users to potential sandbox escapes and arbitrary code execution. However, Google’s deployment of the MiraclePtr defense mechanism ensures these flaws are no longer exploitable, marking a significant milestone in browser security. Technical Analysis…
-
Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-extension-ai-engine-act-mcp/
-
Google Chrome Keeps Third-Party Cookies Settings, Lets Users ‘Make an Informed Choice’
Privacy Sandbox, originally pitched as an alternative to cross-site ad tracking, will not show a standalone prompt. Instead, Chrome is readying a different “informed choice.” First seen on techrepublic.com Jump to article: www.techrepublic.com/article/new-google-chrome-privacy-sandbox-third-party-ads/
-
Over 6 Million Chrome Extensions Found Executing Remote Commands
Security researchers have uncovered a network of over 35 Google Chrome extensions, collectively installed on more than 6 million browsers, secretly executing remote commands and potentially spying on users for years. The alarming discovery began during a routine security review at an organization using a monitoring feature provided by Secure Annex. Among a list of…
-
Chrome extensions with 6 million installs have hidden tracking code
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/
-
Firefox Fixes High-Severity Vulnerability Causing Memory Corruption via Race Condition
Mozilla has released Firefox 137.0.2, addressing a high-severity security flaw that could potentially allow attackers to exploit memory corruption. The fix comes following the discovery and reporting of the vulnerability by the Mozilla Fuzzing Team, as detailed in Mozilla Foundation Security Advisory 2025-25. Details of the Vulnerability The patched vulnerability, CVE-2025-3608, was found in the nsHttpTransaction component of…
-
After 20 Years, Google Patches Major Web Privacy Vulnerability
After two decades of persistent concern among privacy advocates and web security researchers, Google is finally rolling out a fix for a long-standing vulnerability in Chrome that has silently exposed users’ browsing history. The issue stems from how browsers have… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/chrome-136-ends-20-year-privacy-leak/
-
Chrome 136 fixes 20-year browser history privacy risk
Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users’ browsing history through the previously visited links. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chrome-136-fixes-20-year-browser-history-privacy-risk/
-
Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware
Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a façade of credible application installation pages, enticing victims with downloads that appear legitimate, including apps like Google Chrome. The sites are engineered with features…
-
Google launches unified enterprise security platform, announces AI security agents
Cloud security enhancements: The Google Cloud Platform (GCP) Security Command Center will gain new capabilities for protecting cloud workloads, especially those related to AI model use. Model Armor, a feature that’s part of GCP’s existing AI Protection service, will allow customers to apply content safety and security controls to prompts that are sent to self-hosted AI…
-
BSidesLV24 Breaking Ground Chrome Cookie Theft On macOS, And How To Prevent It
Author/Presenter: Nick Frost Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-breaking-ground-chrome-cookie-theft-on-macos-and-how-to-prevent-it/
-
Google to Patch 23-Year-Old Chrome Bug That Leaked Browsing History
Google has announced a groundbreaking update to its Chrome browser that addresses a vulnerability in the web browser’s code, which has been leaking users’ browsing history for over two decades. This long-standing issue stems from the CSS :visited selector, a web design feature that allows websites to stylize previously visited links. While originally designed to improve user…
-
An Operator’s Guide to Device-Joined Hosts and the PRT Cookie
Introduction: About five years ago, Lee Chagolla-Christensen shared a blog detailing the research and development process behind his RequestAADRefreshToken proof-of-concept (POC). In short, on Entra ID joined (including hybrid joined) hosts, it’s possible to obtain a primary refresh token (PRT) cookie from the logged in user’s logon session, enabling an attacker to satisfy single-sign-on (SSO)…
-
Chrome to patch decades-old flaw that let sites peek at your history
After 23 years, the privacy plumber has finally arrived to clean up this mess First seen on theregister.com Jump to article: www.theregister.com/2025/04/07/chrome_135_history_sniffing/
-
New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data
A newly discovered credit card skimming campaign, dubbed >>RolandSkimmer,
-
Firefox 137 Launches with Patches for High-Severity Security Flaws
Mozilla has officially launched Firefox 137 with crucial security fixes aimed at addressing several high-severity vulnerabilities reported by security researchers. As part of its April 1, 2025, Mozilla Foundation Security Advisory (MFSA 2025-20), the foundation detailed three significant Common Vulnerabilities and Exposures (CVEs), which could have permitted attackers to exploit users’ machines through various means,…
-
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
Chrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities. The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chrome-135-firefox-137-patch-high-severity-vulnerabilities/
-
Privacy Roundup: Week 13 of Year 2025
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-day
This is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
UK Cybersecurity Weekly News Roundup 31 March 2025
Tags: attack, best-practice, browser, chrome, computing, cryptography, cve, cyber, cybersecurity, exploit, flaw, framework, google, government, healthcare, incident, infrastructure, ransomware, risk, risk-assessment, software, threat, update, vulnerability, zero-day
UK Cybersecurity Weekly News Roundup – 31 March 2025 Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. UK Warned of Inadequate Readiness Against State-Backed Cyberattacks Cybersecurity experts have sounded the alarm over the UK’s growing vulnerability to state-sponsored cyber threats. A…
-
Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 security fixes; Firefox 137, 128.9 ESR and 115.22 ESR are coming
On March 27, 2025, the Mozilla developers released security fixes for Firefox 136.0.4, Firefox ESR 128.8.1 and Firefox ESR 115.21.1 as a maintenance update. Critical vulnerabilities are fixed. According to the release notes for Firefox 136.0.4, only security fixes, which in the security advisory mfsa2025-19 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/31/firefox-136-0-4-firefox-esr-128-8-1-firefox-esr-115-21-1-sicherheitsfixes/
-
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up, and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches…
-
Cyber espionage in Russia – actively exploited zero-day exploit in Google Chrome
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-chrome-sandbox-umgehung-kaspersky-a-5cc1e2fae2e2dc9392ea2cf85b8cd384/
-
Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/30/week-in-review-chrome-sandbox-escape-0-day-fixed-microsoft-adds-new-ai-agents-to-security-copilot/
-
Firefox patches flaw similar to exploited Chrome zero-day
First seen on scworld.com Jump to article: www.scworld.com/news/firefox-patches-flaw-similar-to-exploited-chrome-zero-day
-
Firefox fixes flaw similar to Chrome zero-day used against Russian organizations
Developers of Mozilla’s Firefox say that reports on a Google Chrome zero-day vulnerability led them to find a similar bug for the Windows version of their browser. First seen on therecord.media Jump to article: therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
-
CISA Issues Urgent Security Alerts: Critical Vulnerabilities in Schneider Electric, Chrome, and Sitecore
The Cybersecurity and Infrastructure Security Agency (CISA) has released several important security advisories, which address critical vulnerabilities across a range of platforms, including industrial control systems (ICS). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-4/
-
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows First seen on theregister.com Jump to article: www.theregister.com/2025/03/28/google_kaspersky_mozilla/