Tag: browser
-
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/
-
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément…
-
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components. “Insufficient validation of…
-
Security vulnerability: Hackers attack Chrome users via sandbox escape
Google Chrome has several dangerous security vulnerabilities. One is already being actively exploited and allows an escape from the sandbox. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-zero-day-luecke-in-chrome-laesst-hacker-aus-sandbox-ausbrechen-2507-198152.html
-
Google Chrome 0-Day Vulnerability Under Active Exploitation
Google has released an emergency security update for Chrome 138 to address a critical zero-day vulnerability that is actively being exploited in the wild. The vulnerability, tracked as CVE-2025-6558, affects the browser’s ANGLE and GPU components and has prompted immediate action from Google’s security team to protect users from ongoing attacks. Critical Zero-Day Vulnerability Discovered…
-
Crypto Roundup: Malicious Firefox Extensions
Also: Winkle Abduction Sentencing and Crypto Theft Rising. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee. First seen on govinfosecurity.com…
-
Google reveals details on Android’s Advanced Protection for Chrome
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions. The setup enabled several attack scenarios, including redirection to…
-
Google Launches Advanced Protection for Vulnerable Users via Chrome on Android
Google has announced the expansion of its Advanced Protection Program to Chrome on Android, providing enhanced security features specifically designed for high-risk users including journalists, elected officials, and public figures. The new device-level security setting, available on Android 16 with Chrome 137+, offers comprehensive protection against sophisticated cyber threats through three key security enhancements. The…
-
Massive browser hijacking campaign infects 2.3M Chrome, Edge users
These extensions weren’t malware-laced from the start, researcher says First seen on theregister.com Jump to article: www.theregister.com/2025/07/08/browser_hijacking_campaign/
-
Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/18-malicious-chrome-edge-extensions/
-
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/
-
Eight Malicious Firefox Extensions Expose Users to Credential Theft and Surveillance
The Socket Threat Research Team recently discovered a troubling network of malicious Firefox browser extensions that pose serious threats to user security and privacy. Initially focusing on a single extension, >>Shell Shockers,>mre1903.
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-store-features-extension-poisoned-sophisticated-spyware
-
⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms; they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection: that’s all it takes. Staying safe…
-
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, vulnerability. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is…
-
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/06/week-in-review-sudo-local-privilege-escalation-flaws-fixed-google-patches-actively-exploited-chrome/
-
Firefox store littered with crypto-pilfering extensions
First seen on scworld.com Jump to article: www.scworld.com/brief/firefox-store-littered-with-crypto-pilfering-extensions
-
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk. “These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox First seen on thehackernews.com…
-
Actively exploited Chrome zero-day addressed
First seen on scworld.com Jump to article: www.scworld.com/brief/actively-exploited-chrome-zero-day-addressed
-
Google fixes type confusion flaw in Chrome browser
An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626960/Google-fixes-type-confusion-flaw-in-Chrome-browser
-
Dozens of fake wallet add-ons flood Firefox store to drain crypto
More than 40 fake extensions in Firefox’s official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dozens-of-fake-wallet-add-ons-flood-firefox-store-to-drain-crypto/
-
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
Chained with a legacy flaw for RCE: Oligo demonstrated that the attack vector combines two independent flaws. Attackers could chain the legacy “0.0.0.0-day” browser flaw, which lets web pages send requests to 0.0.0.0 address that browsers treat like localhost, to a CSRF-style attack leveraging the Inspector proxy’s vulnerable “/sse” endpoint that accepts commands via query…
-
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the wild. “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker…
-
Chrome Zero-Day, ‘FoxyWallet’ Firefox Attacks Threaten Browsers
Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/browsers-targeted-chrome-zero-day-malicious-firefox-extensions
-
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025
Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
-
Chrome Zero-Day CVE-2025-6554 Under Active Attack, Google Issues Security Update
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Google fixes fourth actively exploited Chrome zero-day of 2025
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/
-
Google patches actively exploited Chrome (CVE-2025-6554)
Google has released a security update for Chrome to address a zero-day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/

