Tag: browser
-
Hackers Exploiting Chrome Zero”‘Day Vulnerability in the Wild
A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent threat (APT) group Team46, also known as TaxOff. The Attack Campaign The first signs of…
-
Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign
The post Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/team46-taxoff-exploits-google-chrome-zero-day-cve-2025-2783-in-sophisticated-phishing-campaign/
-
Palo Alto Networks fixed multiple privilege escalation flaws
Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser. The most severe vulnerability, tracked…
-
Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)”, What’s Next?
Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of compliance failures and a lack of measurable progress in addressing publicly reported issues. Chunghwa Telecom is Taiwan’s largest integrated……
-
Is Google Password Manager Safe to Use in 2025?
Google Password Manager is a free password management service built into Chrome and Google apps. Learn how it works and how secure it is in this detailed review. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/is-google-password-manager-safe/
-
Multiple Chrome Flaws Enable Remote Code Execution by Attackers
Google Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for users. The official changelog provides a detailed breakdown of all modifications and enhancements included in…
-
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites.”Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan First seen on thehackernews.com Jump to…
-
New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: >Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate…
-
âš¡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways”, through delays, odd behavior, or subtle gaps in control.This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look…
-
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Extension code uses hardcoded credentials: Guo added that hardcoded credentials, such as API keys, secrets, and tokens, are exposed within popular extensions’ JavaScript, making them accessible to anyone who inspects the extension’s source code. For instance, Avast Online Security and Privacy and AVG Online Security extensions, aimed at browsing privacy and security, both contain hardcoded Google…
-
Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/08/week-in-review-google-fixes-exploited-chrome-zero-day-patch-tuesday-forecast/
-
Popular Chrome Extensions Found Leaking Data via Unencrypted Connections
Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users. First seen on hackread.com Jump to article: hackread.com/popular-chrome-extensions-data-leak-unencrypted-connection/
-
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers
Tags: browser, chrome, credentials, cyber, cybersecurity, data, google, login, malware, microsoft, programming, rust, threatA newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of Chromium-based browsers such as Google Chrome, Microsoft Edge, and others. Dubbed >>RustStealer
-
Chrome Extensions Flaw Exposes Sensitive API Keys, Secrets and Tokens
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys, secrets, and tokens directly within their source code. This alarming oversight in modern development practices has left digital doors wide open for cyber attackers to exploit, potentially leading to data…
-
Chrome und Edge Notfall-Updates und Ärger in Chrome/Edge 137
Kurzer Nachtrag aus den letzten Tagen. Sowohl Google musste dem Chrome-Browser als auch Microsoft dem auf Chromium basierenden Edge-Browser ein dringendes Sicherheitsupdate spendieren. Hintergrund sind Sicherheitslücken, die wohl in freier Wildbahn von Bedrohungsakteuren ausgenutzt wurden. Zudem habe ich zwei Lesermeldungen … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/06/chrome-und-edge-notfall-updates-und-edge-aerger/
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Google to drop trust of Chunghwa and NetLock certificates from Chrome
First seen on scworld.com Jump to article: www.scworld.com/news/google-to-drop-trust-of-chunghwa-and-netlock-certificates-from-chrome
-
Two certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
2 certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/google-fixes-chrome-zero-day-with-in-the-wild-exploit-cve-2025-5419/
-
New Malware Attack Uses Malicious Chrome Edge Extensions to Steal Sensitive Data
Cybersecurity experts from Positive Technologies’ Security Expert Center have uncovered a sophisticated malicious campaign dubbed >>Phantom Enigma,
-
Emergency Chrome Update to Fix Actively Exploited CVE-2025-5419
In an unusual out-of-band release, Google has issued an urgent update to its Chrome browser to patch three security vulnerabilities, including one that is currently being exploited in real-world attacks. Critical Vulnerability in Chrome’s V8 Engine The most serious of… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/update-chrome-cve-2025-5419/
-
Google patches third zero-day flaw in Chrome this year
Vulnerability in the JavaScript engine: The Chrome team described the vulnerability as an out of bounds memory read and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is used in other projects as well, including the Node.js runtime. Because the engine is designed to interpret and execute JavaScript and…
-
Chrome Drops Trust for Chunghwa, Netlock Certificates
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/chrome-drop-trust-chunghwa-netlock-certificates
-
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild
TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/google_chrome_zero_day_emergency_fix/
-
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/