Tag: browser
-
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/
-
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
-
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.”The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will…
-
Notfallupdate: Aktiv ausgenutzte Chrome-Lücke gefährdet Nutzer
Wer Google Chrome verwendet, sollte den Browser dringend aktualisieren. Mehrere gefährliche Schwachstellen wurden gepatcht. Eine davon wird bereits aktiv ausgenutzt. First seen on golem.de Jump to article: www.golem.de/news/notfallupdate-aktiv-ausgenutzte-chrome-luecke-gefaehrdet-nutzer-2506-196771.html
-
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.”Out of bounds…
-
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-distrust-chunghwa-telecom-netlock-certificates-in-august/
-
Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs
Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/mozilla-releases-firefox-13901-update-to-fix-artifacts-on-nvidia-gpus/
-
New Silent Push Chrome tool delivers real-time cyber intel
First seen on scworld.com Jump to article: www.scworld.com/brief/new-silent-push-chrome-tool-delivers-real-time-cyber-intel
-
Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution
The Chrome team at Google has officially released Chrome 137 to the stable channel for Windows, Mac, and Linux platforms. This update, version 137.0.7151.55/56, brings a host of security improvements, bug fixes, and technical enhancements, reinforcing Chrome’s position as a leading web browser for both everyday users and enterprise environments. Security Enhancements and Technical Fixes…
-
Zero-Interaction libvpx Flaw in Firefox Allows Attackers to Run Arbitrary Code
Mozilla has released Firefox 139, addressing several critical and moderate security vulnerabilities that posed significant risks to users. The update, announced on May 27, 2025, resolves issues ranging from memory corruption and local code execution to cross-origin data leaks, reinforcing Firefox’s commitment to user safety. Double-Free in libvpx Encoder: One of the most severe vulnerabilities…
-
Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches
Tags: access, browser, cve, cyber, data, exploit, remote-code-execution, risk, vulnerability, zero-dayAt this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content process. The vulnerabilities”, CVE-2025-4918 and CVE-2025-4919″, were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access, raising the risk of remote code execution and sensitive data exposure. However, neither exploit succeeded in escaping…
-
Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials
Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email…
-
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Tags: browser, chrome, cyber, cybersecurity, data, google, intelligence, malicious, phishing, tacticsCybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and brands. Detailed Analysis Reveals Impersonation Tactics LayerX, building off initial research by the DomainTools Intelligence…
-
Chrome-Sicherheitsupdate schließt Schwachstelle CVE-2025-4664 (14. Mai 2025)
Kleiner Nachtrag zum Google Chrome-Browser. Zum 14. Mai 2025 hat Google den Chrome-Browser auf die Versionen 136.0.7103.113/.114 aktualisiert, um die Schwachstelle CVE-2025-4664 zu schließen. Die Tage sind mir einige Informationen zu dieser Schwachstelle untergekommen, die ich nachfolgend kurz einstelle. Google … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/24/chrome-sicherheitsupdate-schliesst-schwachstelle-cve-2025-4664/
-
Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity
A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately. First seen on hackread.com Jump to article: hackread.com/chrome-0-day-cve-2025-4664-windows-linux-browser-activity/
-
Google Chrome’s Built-in Manager Lets Users Update Breached Passwords with One Click
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
-
Legitimate tools spoofed by infostealing Chrome extensions
First seen on scworld.com Jump to article: www.scworld.com/brief/legitimate-tools-spoofed-by-infostealing-chrome-extensions
-
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
-
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
-
Schwachstelle in Chrome wird derzeit aktiv ausgenutzt
Eine Anfang Mai bekannt gewordene Sicherheitslücke in Google Chrome wird derzeit aktiv ausgenutzt, wie die US-Sicherheitsbehörde CISA warnt. Nutzer sollten schnellstmöglich ein Update durchführen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/schwachstelle-in-chrome-wird-derzeit-aktiv-ausgenutzt
-
Newly discovered Firefox zero-days addressed
First seen on scworld.com Jump to article: www.scworld.com/brief/newly-discovered-firefox-zero-days-addressed
-
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.”The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis First seen on…
-
Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features
Tor Project has launched Tor Browser 14.5.2, a significant update addressing security vulnerabilities, refining cross-platform functionality, and enhancing build system reliability. This release integrates critical Firefox security patches, resolves longstanding privacy-related bugs, and implements infrastructural improvements to streamline future development. Tor Browser 14.5.2 prioritizes security by rebasing its underlying engine on Firefox 128.10.1esr, Mozilla’s Extended…
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data or achieve code execution. Mozilla released security updates to fix two critical vulnerabilities in the Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. >>This week at the security hacking competition pwn2own, security researchers…
-
Mozilla fixes Firefox zero-days exploited at hacking contest
Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-days-exploited-at-hacking-contest/
-
Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser
Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential… First seen on hackread.com Jump to article: hackread.com/firefox-tests-ai-powered-perplexity-search-in-browser/
-
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below -CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could…