Tag: browser
-
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed…
-
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities
Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
-
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities
Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
-
Google Issues Emergency Chrome Update to Fix Critical RCE Flaw
Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on…
-
Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?
Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as… First seen on hackread.com Jump to article: hackread.com/google-chrome-autofill-passports-licenses-safe/
-
Chrome Expands Autofill to Passports, Licenses, and Vehicle Details
Google updates Chrome’s enhanced autofill to handle passports, driver’s licenses, and vehicle IDs like VINs, with opt-in confirmation and encryption. The post Chrome Expands Autofill to Passports, Licenses, and Vehicle Details appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-autofill-passports/
-
Chrome Expands Autofill to Passports, Licenses, and Vehicle Details
Google updates Chrome’s enhanced autofill to handle passports, driver’s licenses, and vehicle IDs like VINs, with opt-in confirmation and encryption. The post Chrome Expands Autofill to Passports, Licenses, and Vehicle Details appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-autofill-passports/
-
New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs
Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm. First seen on hackread.com Jump to article: hackread.com/dante-spyware-hacking-team-memento-labs/
-
Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid
Google released Chrome 142, fixing 20 flaws, including two high-severity V8 bugs, and awarded $100,000 in bug bounties. Google addressed 20 flaws in Chrome version 142, including high-severity bugs that impact the V8 engine. The IT giant awarded $100,000 in bounties for two issues in the V8 JavaScript engine. The two vulnerabilities are tracked as…
-
Chrome 142.0.7444.59 / 60 schließt Schwachstellen; Chromium 143.0.7483.0 mit schwerem Bug
Zum 28. Oktober 2025 hat Google den Chrome-Browser auf die Versionen 142.0.7444.59 / 60 aktualisiert, um gleich mehrere Schwachstellen zu schließen. Im Chromium-Zweig 143.0.7483.0 gibt es aber einen schweren Bug, der den Browser abstürzen lässt. Ich ziehe mal einige Informationen zu … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/30/chrome-142-0-7444-59-60-schliesst-schwachstellen-chromium-143-0-7483-0-mit-schwerem-bug/
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence
Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence
Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
-
Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, calledBrash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other Chromium browsers within 15 to 60 seconds through a simple code injection. The attack exploits…
-
Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, calledBrash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other Chromium browsers within 15 to 60 seconds through a simple code injection. The attack exploits…
-
Chrome to Make HTTPS Mandatory by Default in 2026
Google Chrome will enhance security with enforced HTTPS connections from version 154, set for release in October 2026 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-https-mandatory-2026/
-
Mozilla Enforces Transparency Rules for Data Collection in New Firefox Extensions
Mozilla has announced a significant transparency initiative for its Firefox browser ecosystem, implementing mandatory data disclosure requirements for extension developers. Starting November 3rd, 2025, all newly submitted Firefox extensions must explicitly declare their data collection and transmission practices within their code, marking a major step toward enhanced user privacy and informed consent. New Manifest Requirements…
-
Google Chrome to warn users before opening insecure HTTP sites
Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-chrome-to-warn-users-before-opening-insecure-http-sites/
-
Firefox testet verschlüsselte Sofortsuche das Comeback des rebellischen Browsers
Tags: browserFirefox will mehr als nur ‘browsen”. Mit der verschlüsselten Sofortsuche startet Mozilla sein Comeback als Datenschutz-Rebell. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/internet/firefox-testet-verschluesselte-sofortsuche-das-comeback-des-rebellischen-browsers-322262.html
-
Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0 mori
A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-zero-day-flaw-exploited/
-
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/28/dante-spyware-chrome-zero-day/
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Atlas browser exploit lets attackers hijack ChatGPT memory
Tags: ai, attack, browser, business, ceo, chatgpt, chrome, cloud, credentials, detection, exploit, identity, mitigation, monitoring, phishing, soc, threat, update, vulnerabilityHow to detect a hit: Detecting a memory-based compromise in ChatGPT Atlas is not like hunting for traditional malware. There are no files, registry keys, or executables to isolate. Instead, security teams need to look for behavioral anomalies such as subtle shifts in how the assistant responds, what it suggests, and when it does so.”There…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
-
Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign
The post Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kaspersky-exposes-chrome-zero-day-rce-cve-2025-2783-delivering-memento-labs-spyware-in-forumtroll-campaign/
-
Memento Labs, the ghost of Hacking Team, has returned, or maybe it was never gone at all.
Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of…
-
Memento Spyware Tied to Chrome Zero-Day Attacks
While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/memento-spyware-chrome-zero-day-attacks