Tag: browser
-
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser… First seen on hackread.com Jump to article: hackread.com/malicious-npm-packages-stole-chrome-user-data-windows/
-
Google Big Sleep AI Tool Finds Critical Chrome Vulnerability
Make sure your Chrome browser is updated to the latest version to stay protected. First seen on hackread.com Jump to article: hackread.com/google-big-sleep-ai-tool-critical-chrome-vulnerability/
-
China Hijacks Captive Portals to Spy on Asian Diplomats
The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-hijacks-captive-portals-spy-asian-diplomats
-
Critical Chrome UseFree Flaw Enables Arbitrary Code Execution
Google has released an urgent security update for the Chrome Stable channel to address acritical use-after-free vulnerabilityin the ANGLE graphics library that could allow attackers to execute arbitrary code on vulnerable systems. The fixes arrive as part of Chrome Stable versions 139.0.7258.154/.155 on Windows and macOS, and 139.0.7258.154 on Linux. Users are advised to update immediately, as the patch…
-
TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen
Tags: access, ai, apple, attack, backup, banking, browser, business, ceo, chrome, ciso, compliance, computer, computing, control, country, credentials, cybersecurity, data, data-breach, ddos, dns, encryption, endpoint, google, government, group, international, Internet, jobs, law, microsoft, mobile, network, phishing, phone, privacy, programming, radius, risk, service, smishing, strategy, switch, technology, threat, update, vpn, windows, zero-trustSummary This episode of the Defender’s Log features special guest Tommy Jensen, an internet technologist specializing in IPv6, Zero Trust, and standards. Jensen’s career path, from an AppleCare contractor to a key figure in advancing internet technologies, is explored. The discussion highlights the critical importance and challenges of migrating to IPv6 and the necessity of…
-
PoC Exploit Published for Chrome 0-Day Already Under Active Attack
A proof-of-concept exploit for a high-severity Google Chrome zero-day vulnerability has been published publicly, less than three months after the flaw was first disclosed, amid reports of active in-the-wild exploitation. The vulnerability, tracked as CVE-2025-5419, stems from out-of-bounds reads and writes in Chrome’s V8 JavaScript engine, affecting versions prior to 137.0.7151.68 and opening the door…
-
PoC Exploit Published for Chrome 0-Day Already Under Active Attack
A proof-of-concept exploit for a high-severity Google Chrome zero-day vulnerability has been published publicly, less than three months after the flaw was first disclosed, amid reports of active in-the-wild exploitation. The vulnerability, tracked as CVE-2025-5419, stems from out-of-bounds reads and writes in Chrome’s V8 JavaScript engine, affecting versions prior to 137.0.7151.68 and opening the door…
-
Chrome-Erweiterung FreeVPN.One zeichnete Screenshots von Seitenbesuchen auf
Wer bisher glaubte, dass Microsofts Recall in Punkto Überwachung an der Spitze liegt, muss umdenken. Sicherheitsforscher sind auf die Erweiterung FreeVPN.One des Google Chrome-Browsers gestoßen. Diese fertigte Screenshots von allen besuchten Seiten an und sammelte weitere Daten. Die Erweiterung ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/24/chrome-erweiterung-freevpn-one-zeichnet-screenshots-von-seitenbesuchen-auf/
-
US Government Seeks Medical Records of Trans Youth
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere. First seen on wired.com Jump to article: www.wired.com/story/us-government-seeks-medical-records-of-trans-youth/
-
Featured Chrome extension FreeVPN.One caught capturing and transmitting user data
Tags: access, api, browser, ceo, chrome, corporate, credentials, data, data-breach, endpoint, finance, governance, healthcare, india, malicious, mobile, monitoring, privacy, risk, technology, threat, tool, vpn, vulnerability, vulnerability-managementUnmanaged extensions expose enterprises: Such incidents highlight how unmanaged browser extensions can act as covert data exfiltration channels, exposing sensitive corporate information. Enterprises usually deploy licensed, corporate-grade VPNs that are safe and accompanied by monitoring and access controls. But employees often install free VPN extensions for personal use.”This poses as a major threat to industries…
-
High-Severity Mozilla Flaws Allow Remote Code Execution
Mozilla has released Firefox 142 to address multiple critical security vulnerabilities that could enable remote attackers to execute arbitrary code on affected systems. The Mozilla Foundation Security Advisory 2025-64, announced on August 19, 2025, details nine distinct vulnerabilities ranging from high-severity remote code execution flaws to spoofing and denial-of-service issues. Critical Remote Code Execution Vulnerabilities…
-
Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension
Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/freevpn_privacy_research/
-
Critical Chrome Flaw CVE”‘2025″‘9132 Exposes Browsers to Remote Code Execution
The Hong Kong Computer Emergency Response Team Coordination Center issued an alert regarding a remote code execution flaw in Google Chrome. The Chrome team reported the same vulnerability. The Chrome flaw, identified as CVE”‘2025″‘9132, stems from an out-of-bounds write in V8, Chrome’s JavaScript engine, which could allow attackers to execute arbitrary code remotely. First seen…
-
Legitimate Chrome VPN with 100K+ Installs Secretly Captures Screenshots and Exfiltrates Sensitive Data
A Chrome extension marketed as FreeVPN.One, boasting over 100,000 installations, a verified badge, and featured placement in the Chrome Web Store, has been exposed as spyware that silently captures screenshots of users’ browsing activities and exfiltrates them to remote servers. Despite its privacy policy explicitly stating that the developer does not collect or use user…
-
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine that was discovered by Big Sleep AI.…
-
Chrome High-Severity Vulnerability Could Let Attackers Run Arbitrary Code
Google has released an emergency security update for Chrome to address a high-severity vulnerability that could potentially allow attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-9132, affects the V8 JavaScript engine and represents a critical security risk for millions of Chrome users worldwide. Critical V8 Engine Flaw Discovered The newly…
-
Legitimate Chrome VPN Extension Turns to Browser Spyware
Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-vpn-extension-spyware/
-
Paywalls der Verlage überwinden: Bypass Paywall Clean von Mozilla geblockt
Mozilla ging nun auch gegen das Tool Bypass Paywalls Clean vor. Beim Firefox ist das Add-on deaktiviert, GitHub löschte das Tool ohnehin. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/paywalls-der-verlage-ueberwinden-bypass-paywall-clean-von-mozilla-geblockt-319664.html
-
Some users report their Firefox browser is scoffing CPU power
You guessed it: looks like it’s a so-called AI First seen on theregister.com Jump to article: www.theregister.com/2025/08/13/firefox_ai_scoffing_power/
-
Google Chrome Enterprise: Advanced Browser Security for the Modern Workforce
In this Dark Reading News Desk interview, Google’s Mark Berschadski highlights the critical role browsers play in today’s work environment and how Chrome Enterprise is evolving to meet modern security challenges while enabling productivity. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/google-chrome-enterprise-advanced-browser-security-modern-workforce
-
Google Chrome Enterprise: Extend Protections From Browser to OS
Dark Reading’s Terry Sweeney and Google’s Loren Hudziak discuss how the humble web browser has transformed from a simple web access tool into a common conduit through which a lot of business is done. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/google-chrome-enterprise-extend-protections-from-browser-to-os
-
Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web
Dark Reading’s Terry Sweeney and Google Cloud Security’s Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-enterprise-keeping-businesses-safe-from-threats-on-the-web
-
Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw
Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the…
-
Bug-Bounty-Prämie: 250.000 US-Dollar für eine Sicherheitslücke in Chrome
Angreifer können die Lücke ausnutzen, um aus der Sandbox von Google Chrome auszubrechen und Schadcode auf dem System auszuführen. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Höchste Bug-Bounty-Prämie: Google zahlt 250.000 US-Dollar für eine Chrome-Lücke
Angreifer können die Lücke ausnutzen, um aus der Sandbox von Google Chrome auszubrechen. Der Entdecker hat dafür eine Viertelmillion US-Dollar erhalten. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Chrome sandbox escape nets security researcher $250,000 reward
Researcher earns Google Chrome ‘s top $250K bounty for a sandbox escape vulnerability enabling remote code execution. A researcher who goes online with the moniker ‘Micky’ earned $250,000 from Google for reporting a high-severity Chrome vulnerability. The flaw, tracked as CVE-2025-4609, resides in the Mojo IPC system, an attacker can exploit the flaw to escape…
-
Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox
August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full kernel-level control on Linux systems. The flaw, tied to the obscure MSG_OOB feature in UNIX…
-
ChromeAlone A Browser Based Cobalt Strike Like C2 Tool That Turns Chrome Into a Hacker’s Playground
At DEF CON 33, security researcher Mike Weber of Praetorian Security unveiled ChromeAlone, a Chromium-based browser Command & Control (C2) framework capable of replacing traditional offensive security implants like Cobalt Strike or Meterpreter. Not long ago, web browsers were little more than wrappers for HTTP requests. Today, they are complex, feature-packed platforms, so sophisticated […]…
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating…