Tag: browser
-
Hidden in Plain Sight: How we followed one malicious extension to uncover a multi-extension”¦
Hidden in Plain Sight: How we followed one malicious extension to uncover a multi-extension campaign Short read for everyone: we found a malicious Chrome extension that stole login data from a crypto trading site. Tracing the domain it talked to uncovered a second malicious extension. That second extension’s public metadata contained the developer email, which…
-
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/mozilla-new-firefox-extensions-must-disclose-data-collection-practices/
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
-
Browser Fingerprinting: Was Programme wie Chrome, Firefox und Edge über dich wissen und mit anderen teilen
First seen on t3n.de Jump to article: t3n.de/news/browser-fingerprinting-chrome-firefox-edge-daten-1712770/
-
Building Chromegg: A Chrome Extension for Real-Time Secret Detection
Ever accidentally pasted an API key into a web form? Chromegg is our new Chrome extension that scans form fields in real-time, alerting you BEFORE you submit secrets. Open-source & ready to use! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/building-chromegg-a-chrome-extension-for-real-time-secret-detection/
-
131 Malicious Chrome Extensions Discovered Targeting WhatsApp Users
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome extensions actively flooding the Chrome Web Store. These extensions are not conventional malware, but function as high-risk automation tools, systematically violating platform policies to facilitate large-scale spam campaigns, primarily targeting Brazilian…
-
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users.” First…
-
TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader
Tags: ai, awareness, backup, breach, browser, business, cio, ciso, communications, conference, control, corporate, country, cryptography, cyber, cybersecurity, dark-web, data, data-breach, defense, dns, email, encryption, finance, government, healthcare, identity, incident, infrastructure, intelligence, Internet, jobs, law, leak, linux, malicious, mfa, mitigation, network, organized, phone, privacy, ransom, ransomware, RedTeam, resilience, risk, risk-management, router, service, startup, strategy, supply-chain, switch, tactics, technology, theft, threat, tool, training, windowsSummary In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security. Khoury emphasizes that modern…
-
Google Patches Critical Chrome Vulnerability (CVE-2025-11756) in Safe Browsing Component
Google has issued an urgent security update for its Chrome browser, addressing a high-severity vulnerability tracked as CVE-2025-11756. This flaw, which affects Chrome’s Safe Browsing feature, could allow attackers to execute arbitrary code on users’ machines, posing a direct threat to user privacy and system security. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chrome-bug-cve-2025-11756/
-
Tor Project greift durch: Firefox-KI-Features fliegen aus dem Tor-Browser
Den Entwicklern des Tor-Browsers sind die in Firefox integrierten KI-Features zu gefährlich. Daher wird nun aufgeräumt. First seen on golem.de Jump to article: www.golem.de/news/tor-project-greift-durch-firefox-ki-features-fliegen-aus-dem-tor-browser-2510-201284.html
-
Firefox VPN soll den Datenschutz kostenlos optimieren
Mozilla will mit Firefox VPN einen kostenlosen VPN-Dienst in den eigenen Browser integrieren. Man sucht dafür nach freiwilligen Betatestern. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/firefox-vpn-soll-den-datenschutz-kostenlos-verbessern-321852.html
-
Firefox VPN soll den Datenschutz kostenlos optimieren
Mozilla will mit Firefox VPN einen kostenlosen VPN-Dienst in den eigenen Browser integrieren. Man sucht dafür nach freiwilligen Betatestern. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/firefox-vpn-soll-den-datenschutz-kostenlos-verbessern-321852.html
-
Google Fixes Critical Chrome Bug Enabling Remote Code Execution
Google patches a Chrome Safe Browsing flaw (CVE-2025-11756) that lets attackers execute code remotely. Users urged to update immediately. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-critical-rce-cve-2025-11756/
-
Google Fixes Critical Chrome Bug Enabling Remote Code Execution
Google patches a Chrome Safe Browsing flaw (CVE-2025-11756) that lets attackers execute code remotely. Users urged to update immediately. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-critical-rce-cve-2025-11756/
-
Chrome UseFree Flaw Lets Attackers Execute Arbitrary Code
Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-11756, affects Chrome’s Safe Browsing feature and has earned a High severity rating from Google’s security team. Critical Vulnerability in Chrome’s Safe Browsing…
-
Mozilla is recruiting beta testers for a free, baked-in Firefox VPN
Lucky few randomly selected to trial the feature, which won’t fully roll out for several months First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/mozilla_firefox_vpn_beta/
-
Google Chrome to revoke browser notifications for inactive sites
Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven’t been visited recently, to reduce alert overload. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-chrome-to-revoke-notification-access-for-inactive-sites/
-
Google Chrome to revoke notification access for inactive sites
Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven’t been visited recently, to reduce alert overload. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-chrome-to-revoke-notification-access-for-inactive-sites/
-
Shuyal Stealer Malware Exploits 19 Browsers to Steal Logins
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it far more versatile and dangerous in its data-harvesting capabilities. Beyond the usual theft of browser-stored…
-
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. External researchers discovered these issues and reported them through Google’s vulnerability disclosure program.…
-
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. External researchers discovered these issues and reported them through Google’s vulnerability disclosure program.…
-
Multiple Google Chrome Flaws Allow Attackers to Execute Arbitrary Code
Google rolled out version 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux. This update fixes three critical security flaws, all of which involve memory handling errors that an attacker could exploit to execute arbitrary code in the context of the browser. External researchers discovered these issues and reported them through Google’s vulnerability disclosure program.…
-
Windows und Android: Google schließt schwerwiegende Lücken in Chrome
Ein Pufferüberlauf in Chrome für Windows, MacOS, Linux und Android erlaubt unter Umständen eine Remotecodeausführung. First seen on golem.de Jump to article: www.golem.de/news/windows-und-android-google-schliesst-schwerwiegende-luecken-in-chrome-2510-200916.html
-
Technical Details and Exploit Released for Chrome Remote Code Execution Flaw
A remote code execution vulnerability affecting Google Chrome’s WebAssembly engine has been publicly disclosed, along with a fully functional exploit. The flaw, discovered and reported during TyphoonPWN 2025, involves a regression in the canonicalization logic for indexed reference types in WebAssembly and a novel sandbox bypass via JavaScript Promise Integration (JSPI). Researchers from SSD Secure…
-
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing, no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions.On the defense side, AI is stepping…
-
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing, no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions.On the defense side, AI is stepping…
-
Chrome 141: Google schließt schwerwiegende Sicherheitslücken
Die Lücken erlauben möglicherweise eine Remotecodeausführung innerhalb der Sandbox von Chrome. First seen on golem.de Jump to article: www.golem.de/news/chrome-141-google-schliesst-schwerwiegende-sicherheitsluecken-2510-200739.html
-
Chrome Security Update Addressing 21 Vulnerabilities
The Chrome team has releasedChrome 141.0.7390.54/55to the stable channel for Windows, Mac, and Linux, rolling out over the coming days and weeks. This update delivers critical security fixes, including 21 distinct vulnerabilities that span high, medium, and low severity. External researchers contributed to several of these fixes, earning rewards up to $25,000. Users are strongly…