Tag: browser
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…
-
Google Launches Advanced Protection for Vulnerable Users via Chrome on Android
Google has announced the expansion of its Advanced Protection Program to Chrome on Android, providing enhanced security features specifically designed for high-risk users including journalists, elected officials, and public figures. The new device-level security setting, available on Android 16 with Chrome 137+, offers comprehensive protection against sophisticated cyber threats through three key security enhancements. The…
-
Massive browser hijacking campaign infects 2.3M Chrome, Edge users
These extensions weren’t malware-laced from the start, researcher says First seen on theregister.com Jump to article: www.theregister.com/2025/07/08/browser_hijacking_campaign/
-
Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/18-malicious-chrome-edge-extensions/
-
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/
-
Eight Malicious Firefox Extensions Expose Users to Credential Theft and Surveillance
The Socket Threat Research Team recently discovered a troubling network of malicious Firefox browser extensions that pose serious threats to user security and privacy. Initially focusing on a single extension, >>Shell Shockers,>mre1903.
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-store-features-extension-poisoned-sophisticated-spyware
-
âš¡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure”, until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms”, they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection”, that’s all it takes.Staying safe…
-
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is…
-
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/06/week-in-review-sudo-local-privilege-escalation-flaws-fixed-google-patches-actively-exploited-chrome/
-
Firefox store littered with crypto-pilfering extensions
First seen on scworld.com Jump to article: www.scworld.com/brief/firefox-store-littered-with-crypto-pilfering-extensions
-
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.”These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox First seen on thehackernews.com…
-
Actively exploited Chrome zero-day addressed
First seen on scworld.com Jump to article: www.scworld.com/brief/actively-exploited-chrome-zero-day-addressed
-
Google fixes type confusion flaw in Chrome browser
An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626960/Google-fixes-type-confusion-flaw-in-Chrome-browser
-
Dozens of fake wallet add-ons flood Firefox store to drain crypto
More than 40 fake extensions in Firefox’s official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dozens-of-fake-wallet-add-ons-flood-firefox-store-to-drain-crypto/
-
Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks
Chained with a legacy flaw for RCE : Oligo demonstrated that the attack vector combines two independent flaws. Attackers could chain the legacy “0.0.0.0-day” browser flaw, which lets web pages send requests to 0.0.0.0 address that browsers treat like localhost, to a CSRF-style attack leveraging the Inspector proxy’s vulnerable “/sse” endpoint that accepts commands via query…
-
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the wild. >>Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker…
-
Chrome Zero-Day, ‘FoxyWallet’ Firefox Attacks Threaten Browsers
Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/browsers-targeted-chrome-zero-day-malicious-firefox-extensions
-
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025
Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
-
Chrome Zero-Day CVE-2025-6554 Under Active Attack, Google Issues Security Update
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.”Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Google fixes fourth actively exploited Chrome zero-day of 2025
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/
-
Google patches actively exploited Chrome (CVE”‘2025″‘6554)
Google has released a security update for Chrome to address a zero”‘day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/
-
New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections
Tags: attack, breach, browser, chrome, credentials, cyber, cybersecurity, data, encryption, google, risk, theftCybersecurity researchers have unveiled a new attack”, dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)”, that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption…
-
Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.”Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code
Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked asCVE-2025-6554, is atype confusionvulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms. The vulnerability was discovered by…
-
Microsoft confirms Family Safety blocks Google Chrome from launching
Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-family-safety-blocks-google-chrome-from-launching/
-
Windows Family Safety: Chrome-Blockade bestätigt
Nutzer beklagen sich seit Anfang Juni 2025, dass sie den Google Chrome-Browser nicht mehr verwenden können, wenn Microsoft Family Safety unter Windows installiert ist. Ich hatte darüber berichtet und nun hat Microsoft das Ganze offiziell in einem Support-Beitrag bestätigt … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/26/windows-family-safety-chrome-blockade-bestaetigt/
-
Firefox 140 Launches with Critical Code Execution Bug Fix Update Now
Mozilla has officially released Firefox 140, marking a significant update that addresses multiple security vulnerabilities, including a critical code execution flaw. Users are strongly urged to update their browsers immediately to protect against potential exploits targeting these newly patched weaknesses. Critical Security Fixes in Firefox 140 The highlight of Firefox 140 is the resolution of…
-
Chrome Releases Security Patch for 11 Code Execution Vulnerabilities
The Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and Mac, is now being distributed through the stable channel and will reach…