Tag: browser

Chrome-Sicherheitsupdate schließt Schwachstelle CVE-2025-4664 (14. Mai 2025)

May 24, 2025 8:55 PM

Tags: browser, chrome, cve, google, vulnerability

Kleiner Nachtrag zum Google Chrome-Browser. Zum 14. Mai 2025 hat Google den Chrome-Browser auf die Versionen 136.0.7103.113/.114 aktualisiert, um die Schwachstelle CVE-2025-4664 zu schließen. Die Tage sind mir einige Informationen zu dieser Schwachstelle untergekommen, die ich nachfolgend kurz einstelle. Google … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/24/chrome-sicherheitsupdate-schliesst-schwachstelle-cve-2025-4664/
Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity

May 23, 2025 1:55 PM

Tags: browser, chrome, cve, google, linux, login, update, windows, zero-day

A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately. First seen on hackread.com Jump to article: hackread.com/chrome-0-day-cve-2025-4664-windows-linux-browser-activity/
Google Chrome’s Built-in Manager Lets Users Update Breached Passwords with One Click

May 23, 2025 7:54 AM

Tags: browser, chrome, credentials, google, password, update

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
Legitimate tools spoofed by infostealing Chrome extensions

May 22, 2025 10:54 PM

Tags: browser, chrome, tool

First seen on scworld.com Jump to article: www.scworld.com/brief/legitimate-tools-spoofed-by-infostealing-chrome-extensions
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

May 21, 2025 5:55 PM

Tags: ai, browser, chrome, crypto, data, fortinet, google, malicious, tool, vpn

A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
Over 100 Malicious Chrome Extensions Exploiting Users to Steal Login Credentials and Execute Remote Code

May 21, 2025 12:54 PM

Tags: browser, chrome, credentials, cyber, cybersecurity, exploit, login, malicious, network, threat, tool, unauthorized

Cybersecurity researchers have uncovered a sprawling network of over 100 malicious Chrome extensions actively exploiting unsuspecting users. These extensions, masquerading as legitimate tools for productivity, ad-blocking, and browsing enhancement, are designed with nefarious intent stealing sensitive login credentials and executing unauthorized remote code on infected systems. The scale of this threat, affecting millions of users…
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

May 21, 2025 9:54 AM

Tags: browser, chrome, credentials, google, password

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
Schwachstelle in Chrome wird derzeit aktiv ausgenutzt

May 21, 2025 8:54 AM

Tags: browser, bug, chrome, cisa, google, update, vulnerability

Eine Anfang Mai bekannt gewordene Sicherheitslücke in Google Chrome wird derzeit aktiv ausgenutzt, wie die US-Sicherheitsbehörde CISA warnt. Nutzer sollten schnellstmöglich ein Update durchführen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/schwachstelle-in-chrome-wird-derzeit-aktiv-ausgenutzt
Newly discovered Firefox zero-days addressed

May 20, 2025 10:54 PM

Tags: browser, zero-day

First seen on scworld.com Jump to article: www.scworld.com/brief/newly-discovered-firefox-zero-days-addressed
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

May 20, 2025 5:54 PM

Tags: browser, chrome, credentials, data, malicious, service, threat, tool

An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.”The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis First seen on…
Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features

May 20, 2025 10:54 AM

Tags: browser, cyber, privacy, update, vulnerability

Tor Project has launched Tor Browser 14.5.2, a significant update addressing security vulnerabilities, refining cross-platform functionality, and enhancing build system reliability. This release integrates critical Firefox security patches, resolves longstanding privacy-related bugs, and implements infrastructural improvements to streamline future development. Tor Browser 14.5.2 prioritizes security by rebasing its underlying engine on Firefox 128.10.1esr, Mozilla’s Extended…
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks

May 20, 2025 5:57 AM

Tags: ai, authentication, browser, chrome, cloud, container, cve, cyber, data, docker, exploit, flaw, framework, hacker, infrastructure, linux, microsoft, network, nvidia, open-source, oracle, risk, software, technology, tool, vmware, vulnerability, zero-day

Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025

May 19, 2025 9:54 PM

Tags: access, browser, data, exploit, hacking, update, vulnerability, zero-day

Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data or achieve code execution. Mozilla released security updates to fix two critical vulnerabilities in the Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. >>This week at the security hacking competition pwn2own, security researchers…
Mozilla fixes Firefox zero-days exploited at hacking contest

May 19, 2025 4:54 PM

Tags: browser, exploit, hacking, update, vulnerability, zero-day

Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-days-exploited-at-hacking-contest/
Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser

May 19, 2025 2:54 PM

Tags: ai, browser

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential… First seen on hackread.com Jump to article: hackread.com/firefox-tests-ai-powered-perplexity-search-in-browser/
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

May 19, 2025 1:54 PM

Tags: access, browser, cve, data, exploit, flaw, update, vulnerability, zero-day

Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below -CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could…
Critical Firefox 0-Day Flaws Allow Remote Code Execution

May 19, 2025 11:54 AM

Tags: browser, cve, cyber, flaw, malicious, remote-code-execution, vulnerability, zero-day

Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17, 2025, and are addressed in Firefox version 138.0.4. Security experts are strongly advising all users…
Pwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and Firefox

May 19, 2025 11:54 AM

Tags: browser, cyber, exploit, hacking, vmware, vulnerability, windows, zero-day

The Pwn2Own Berlin 2025 last day ended with impressive technological accomplishments, bringing the total prize money over one million dollars. Security researchers demonstrated sophisticated exploitation techniques against high-profile targets including Windows 11, VMware ESXi, and Mozilla Firefox, revealing critical zero-day vulnerabilities that vendors must now address. The three-day hacking competition showcased 28 unique zero-day vulnerabilities,…
Pwn2Own Berlin: Firefox, Sharepoint und VMware-Produkte gehackt

May 19, 2025 9:54 AM

Tags: browser, vmware

Teilnehmer der Pwn2Own in Berlin haben zahlreiche Softwareprodukte attackiert. Ein Hersteller hat besonders schnell reagiert und sofort Patches verteilt. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-firefox-sharepoint-und-vmware-produkte-gehackt-2505-196310.html
Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited

May 18, 2025 10:35 AM

Tags: browser, chrome, exploit, microsoft, update, vulnerability, WeeklyReview, zero-day

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/18/week-in-review-microsoft-patches-5-actively-exploited-0-days-recently-fixed-chrome-vulnerability-exploited/
Google Chrome data leakage bug confirmed as actively exploited

May 17, 2025 10:54 PM

Tags: browser, chrome, data, exploit, google

First seen on scworld.com Jump to article: www.scworld.com/news/google-chrome-bug-that-could-leak-sensitive-info-actively-exploited
VMware ESXi, Firefox, Red Hat Linux SharePoint Hacked Pwn2Own Day 2

May 17, 2025 1:54 PM

Tags: browser, conference, cyber, linux, vmware, vulnerability, zero-day

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties. The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded a cumulative total of $695,000 with participants revealing 20 unique zero-day vulnerabilities thus far. With…
Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

May 16, 2025 9:54 PM

Tags: browser, conference, vmware, windows

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with… First seen on hackread.com Jump to article: hackread.com/pwn2own-berlin-2025-windows-11-vmware-firefox-hacked/
Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

May 16, 2025 9:54 PM

Tags: browser, chrome, cisa, exploit, flaw, google, vulnerability

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/16/cisa-recently-fixed-chrome-vulnerability-exploited-in-the-wild-cve-2025-4664/
CISA tags recently patched Chrome bug as actively exploited

May 16, 2025 10:54 AM

Tags: attack, browser, chrome, cisa, exploit, vulnerability

On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/
Google fixed a Chrome vulnerability that could lead to full account takeover

May 16, 2025 9:54 AM

Tags: browser, chrome, cve, google, update, vulnerability

Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in…
Google patches Chrome vulnerability used for account takeover and MFA bypass

May 15, 2025 9:54 PM

Tags: access, attack, browser, chrome, cloud, cve, data, exploit, flaw, google, mfa, microsoft, ransomware, risk, russia, service, update, vulnerability, windows

How could this be exploited?: OAuth provides a way of giving access to something without the need for a password. It’s useful in multiple scenarios, for example, in single sign-on (SSO). Users might also encounter it when giving a contact access to a file or document in a cloud service such as Microsoft 365 without…
The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…
Detecting Hidemium: Fingerprinting inconsistencies in anti-detect browsers

May 13, 2025 6:38 PM

Tags: browser, chrome

This is the fourth article in our series on anti-detect browsers. In the previous post, we explained how to detect anti-fingerprinting scripts injected via Chrome DevTools Protocol (CDP). Here, we analyze Hidemium, a popular anti-detect browser, and describe how it can be detected. We start with a high-level overview of First seen on securityboulevard.com Jump…
Detecting Remote Monitoring and Management Tools Used by Attackers

May 12, 2025 8:10 PM

Tags: access, browser, chrome, cloud, control, credentials, data, detection, endpoint, exploit, identity, intelligence, ivanti, microsoft, monitoring, network, open-source, risk, saas, service, social-engineering, software, strategy, theft, threat, tool, unauthorized, update, vulnerability, vulnerability-management, windows

Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments. Background In August 2024, Tenable Research released a detection plugin for Nessus, Tenable Security Center and Tenable Vulnerability Management to help customers identify…