Tag: browser
-
Chrome Extensions Flaw Exposes Sensitive API Keys, Secrets and Tokens
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys, secrets, and tokens directly within their source code. This alarming oversight in modern development practices has left digital doors wide open for cyber attackers to exploit, potentially leading to data…
-
Chrome and Edge emergency updates and trouble in Chrome/Edge 137
A brief addendum from the last few days. Both Google, for the Chrome browser, and Microsoft, for the Chromium-based Edge browser, had to ship an urgent security update. The background is security vulnerabilities that were apparently exploited in the wild by threat actors. In addition, I have two reader reports … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/06/chrome-und-edge-notfall-updates-und-edge-aerger/
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX. In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore — it was the browser.” The evidence is everywhere — cloud revenue surging year…
-
Google to drop trust of Chunghwa and NetLock certificates from Chrome
First seen on scworld.com Jump to article: www.scworld.com/news/google-to-drop-trust-of-chunghwa-and-netlock-certificates-from-chrome
-
Two certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
2 certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419: CVE-2025-5419 is a high-severity out of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/google-fixes-chrome-zero-day-with-in-the-wild-exploit-cve-2025-5419/
-
New Malware Attack Uses Malicious Chrome Edge Extensions to Steal Sensitive Data
Cybersecurity experts from Positive Technologies’ Security Expert Center have uncovered a sophisticated malicious campaign dubbed “Phantom Enigma,”
-
Emergency Chrome Update to Fix Actively Exploited CVE-2025-5419
In an unusual out-of-band release, Google has issued an urgent update to its Chrome browser to patch three security vulnerabilities, including one that is currently being exploited in real-world attacks. Critical Vulnerability in Chrome’s V8 Engine: The most serious of… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/update-chrome-cve-2025-5419/
-
Google patches third zero-day flaw in Chrome this year
Vulnerability in the JavaScript engine: The Chrome team described the vulnerability as an out of bounds memory read and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is used in other projects as well, including the Node.js runtime. Because the engine is designed to interpret and execute JavaScript and…
-
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild
TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/google_chrome_zero_day_emergency_fix/
-
Chrome Drops Trust for Chunghwa, Netlock Certificates
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/chrome-drop-trust-chunghwa-netlock-certificates
-
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/
-
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/
-
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that is actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
-
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock, citing “patterns of concerning behavior observed over the past year.” The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will…
-
Emergency update: actively exploited Chrome vulnerability puts users at risk
Anyone who uses Google Chrome should update the browser urgently. Several dangerous vulnerabilities have been patched. One of them is already being actively exploited. First seen on golem.de Jump to article: www.golem.de/news/notfallupdate-aktiv-ausgenutzte-chrome-luecke-gefaehrdet-nutzer-2506-196771.html
-
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. “Out of bounds…
-
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-distrust-chunghwa-telecom-netlock-certificates-in-august/
-
Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs
Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/mozilla-releases-firefox-13901-update-to-fix-artifacts-on-nvidia-gpus/
-
New Silent Push Chrome tool delivers real-time cyber intel
First seen on scworld.com Jump to article: www.scworld.com/brief/new-silent-push-chrome-tool-delivers-real-time-cyber-intel
-
Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution
The Chrome team at Google has officially released Chrome 137 to the stable channel for Windows, Mac, and Linux platforms. This update, version 137.0.7151.55/56, brings a host of security improvements, bug fixes, and technical enhancements, reinforcing Chrome’s position as a leading web browser for both everyday users and enterprise environments. Security Enhancements and Technical Fixes…
-
Zero-Interaction libvpx Flaw in Firefox Allows Attackers to Run Arbitrary Code
Mozilla has released Firefox 139, addressing several critical and moderate security vulnerabilities that posed significant risks to users. The update, announced on May 27, 2025, resolves issues ranging from memory corruption and local code execution to cross-origin data leaks, reinforcing Firefox’s commitment to user safety. Double-Free in libvpx Encoder: One of the most severe vulnerabilities…
-
Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches
Tags: access, browser, cve, cyber, data, exploit, remote-code-execution, risk, vulnerability, zero-day
At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content process. The vulnerabilities, CVE-2025-4918 and CVE-2025-4919, were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access, raising the risk of remote code execution and sensitive data exposure. However, neither exploit succeeded in escaping…
-
Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials
Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email…
-
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Tags: browser, chrome, cyber, cybersecurity, data, google, intelligence, malicious, phishing, tactics
Cybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and brands. Detailed Analysis Reveals Impersonation Tactics: LayerX, building off initial research by the DomainTools Intelligence…

