Tag: browser
-
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
Tags: attack, browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript engine and poses an immediate threat to millions of users worldwide. Understanding the Vulnerability CVE-2025-13223…
-
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
Tags: attack, browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript engine and poses an immediate threat to millions of users worldwide. Understanding the Vulnerability CVE-2025-13223…
-
Google Issues Emergency Update for 2B Chrome Users
Google issues emergency update for 2B Chrome users after confirming active zero-day exploitation. The post Google Issues Emergency Update for 2B Chrome Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-emergency-update-2b-chrome-users/
-
More work for admins as Google patches latest zero-day Chrome vulnerability
Enterprise updating: The latest update also addresses a separate Type Confusion vulnerability in the V8 engine, CVE-2025-13224, also rated as ‘high’ priority. So far, there is no indication that this is under exploit.Enterprise customers can address both flaws by updating to Chrome version 142.0.7444.175/.176 for Windows, version 142.0.7444.176 for Mac, and version 142.0.7444.175 for Linux.Normally,…
-
Chrome extension ‘Safery’ steals crypto wallet seed phrases
First seen on scworld.com Jump to article: www.scworld.com/brief/chrome-extension-safery-ethereum-wallet-stealing-seed-phrases-poses-major-cybersecurity-threat
-
Chrome extension ‘Safery’ steals crypto wallet seed phrases
First seen on scworld.com Jump to article: www.scworld.com/brief/chrome-extension-safery-ethereum-wallet-stealing-seed-phrases-poses-major-cybersecurity-threat
-
Google patches yet another exploited Chrome zero-day (CVE-2025-13223)
Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/18/chrome-cve-2025-13223-exploited/
-
Google fixes new Chrome zero-day flaw exploited in attacks
Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-new-chrome-zero-day-flaw-exploited-in-attacks/
-
Sicherheitslücke in V8: Hacker attackieren Chrome-Nutzer über Javascript-Engine
Zur Ausnutzung der Chrome-Lücke reicht der bloße Aufruf einer bösartigen Webseite. Angreifer können daraufhin Schadcode zur Ausführung bringen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-in-v8-angreifer-attackieren-chrome-nutzer-ueber-javascript-engine-2511-202288.html
-
Google fixed the seventh Chrome zero-day in 2025
Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exploited in the wild. The Chrome V8 engine is Google’s open-source JavaScript…
-
Sicherheitslücke in V8: Angreifer attackieren Chrome-Nutzer über Javascript-Engine
Zur Ausnutzung der Chrome-Lücke reicht der bloße Aufruf einer bösartigen Webseite. Angreifer können daraufhin Schadcode zur Ausführung bringen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-in-v8-angreifer-attackieren-chrome-nutzer-ueber-javascript-engine-2511-202288.html
-
Chrome Zero-Day Type Confusion Flaw Actively Exploited in the Wild
Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to millions of Chrome users worldwide.”‹ Critical Zero-Day Under Active Attack The vulnerability was discovered by Clément Lecigne of…
-
Chrome Zero-Day Type Confusion Flaw Actively Exploited in the Wild
Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to millions of Chrome users worldwide.”‹ Critical Zero-Day Under Active Attack The vulnerability was discovered by Clément Lecigne of…
-
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or…
-
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or…
-
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT.The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic…
-
Chrome extension “Safery” steals Ethereum wallet seed phrases
Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web…
-
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework
SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
-
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework
SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
-
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web…
-
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called >>Safery: Ethereum Wallet,
-
Mozilla Firefox gets new anti-fingerprinting defenses
Mozilla announced a major privacy upgrade in Firefox 145 that reduces even more the number of users vulnerable to digital fingerprinting. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-firefox-gets-new-anti-fingerprinting-defenses/
-
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed…