Tag: browser
-
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/28/critical-firefox-tor-browser-sandbox-escape-flaw-fixed-cve-2025-2857/
-
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.”Following the…
-
Notfallupdate: Kritische Sandbox-Lücke in Firefox und Tor-Browser entdeckt
Nicht nur Chrome-Nutzer sollten dieser Tage ihren Browser updaten. Eine aktiv ausgenutzte Sicherheitslücke betrifft auch die Windows-Version von Firefox. First seen on golem.de Jump to article: www.golem.de/news/notfallupdate-kritische-sandbox-luecke-in-firefox-und-tor-browser-entdeckt-2503-194773.html
-
Mozilla warns Windows users of critical Firefox sandbox escape flaw
Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser’s sandbox on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
CVE-2025-2783: Chrome Zero-Day Targets Russian Organizations
Google Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-2783-chrome-zero-day/
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
-
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783/
-
New Chrome Installer Fails on Windows 10 11 With >>This app can’t run on your PC<< Error
A recent snag in Google’s Chrome distribution process has left Windows users unable to install the browser on their Intel and AMD systems. The issue, first reported by Windows Latest on March 25, arises when users attempt to run the ChromeSetup.exe file, only to be met with the error message: >>This app can’t run on your PC:…
-
Chrome Releases Critical Update to Address CVE-2025-2783 Vulnerability
Google has rolled out a new security update for Chrome users, following the discovery of a vulnerability, CVE-2025-2783, affecting the Windows version of the browser. The update was made available on Tuesday, March 25, 2025, as part of the Stable Channel Update for Desktop. This release includes a crucial fix for the vulnerability and will…
-
Google fixed the first actively exploited Chrome zero-day since the start of the year
Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked asCVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle…
-
Dringend patchen: Gefährliche Zero-Day-Lücke in Chrome für Spionage ausgenutzt
Angreifer können aus der Chrome-Sandbox ausbrechen und Code auf dem Windows-System des Nutzers ausführen. Es reicht der Besuch einer bösartigen Webseite. First seen on golem.de Jump to article: www.golem.de/news/dringend-patchen-gefaehrliche-zero-day-luecke-in-chrome-fuer-spionage-ausgenutzt-2503-194682.html
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Google Chrome Zero-Day Vulnerability Actively Exploited in the Wild
Google has released an urgent update for its Chrome browser to patch a zero-day vulnerability known as CVE-2025-2783. This vulnerability has been actively exploited in targeted attacks, utilizing sophisticated malware to bypass Chrome’s sandbox protections. The update, version 134.0.6998.177 for Windows, addresses this critical issue and is set to roll out over the coming days.…
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
-
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
Tags: attack, browser, chrome, cve, exploit, google, kaspersky, remote-code-execution, vulnerability, zero-dayThe vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
-
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log passwords, and collect credentials for cryptocurrency wallets. It often disguises itself as a Google Drive…
-
Advanced Malware Targets Cryptocurrency Wallets
More attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers. The malware targets many widely used cryptocurrency wallet browser extensions: 1. Bitget Wallet (Formerly BitKeep) 2. Trust Wallet 3. TronLink…
-
New phishing campaign uses scareware to steal Apple credentials
The campaign previously targeted Windows users: According to LayerX researchers, the campaign has been seen targeting Mac users only in the last few months. Initially, it targeted Windows users by masquerading as Microsoft security alerts.Designed to steal user credentials, threat actors have apparently shifted focus to Mac users owing to new security features being rolled…
-
Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code
Google has recently rolled out a critical security update for its Chrome browser, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code. This update is part of a broader effort to ensure user safety in an increasingly threat-ridden digital landscape. The latest version, 134.0.6998.117/.118, is being rolled out across Windows, Mac, and Linux…
-
In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw
Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw. The post In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-critical-chrome-bug-capital-one-hacker-resententencing-story-of-expat-flaw/
-
Google warnt: Kritische Sicherheitslücke in Chrome gefährdet Nutzer
Viele Details nennt Google zu der Chrome-Lücke nicht, eine Schadcodeausführung ist aber nicht auszuschließen. Angriffe gelingen aus der Ferne. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-kritische-sicherheitsluecke-in-chrome-gefaehrdet-nutzer-2503-194497.html
-
How to detect Headless Chrome bots instrumented with Playwright?
Headless Chrome bots powered by Playwright have become a go-to tool for bot developers due to their flexibility and efficiency. Playwright’s cross-browser capabilities, coupled with an API similar to Puppeteer and the lightweight nature of Headless Chrome, make it a powerful choice for tasks like web scraping, credential First seen on securityboulevard.com Jump to article:…
-
Microsoft identifies new RAT targeting cryptocurrency wallets and more
A previously unreported remote access trojan that Microsoft researchers dubbed StilachiRAT is designed to steal a wide range of data, including information about cryptocurrency wallet extensions for Google’s Chrome browser. First seen on therecord.media Jump to article: therecord.media/stilachirat-new-remote-access-trojan-crypto-wallets
-
Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers
A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-researcher-llm/