Tag: browser
-
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution
Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. This substantial patch cycle is actively rolling out…
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
Crypto Scam ShieldGuard Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crypto-scam-shieldguard-dismantled/
-
Firefox is getting a free built-in VPN
Mozilla is adding a free built-in VPN to Firefox, with the feature arriving in Firefox 149 on March 24. Privacy concerns often follow free VPN services, especially when … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/mozilla-firefox-free-built-in-vpn/
-
CISA Alerts Users to Exploited Chrome 0-Day Flaws
Tags: browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, malicious, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicious actors. As a result, CISA has added both security issues to its Known Exploited Vulnerabilities (KEV) catalog,…
-
âš¡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling.This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a…
-
Aktiv ausgenutzte Sicherheitslücken entdeckt: Dieses Update für Google Chrome musst du jetzt installieren
First seen on t3n.de Jump to article: t3n.de/news/google-chrome-aktiv-ausgenutzte-sicherheitsluecke-update-1733831/
-
U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google released security updates to address two high-severity vulnerabilities,…
-
Critical Chrome Security Flaws Threaten Billions of Users Worldwide
Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update. The post Critical Chrome Security Flaws Threaten Billions of Users Worldwide appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-zero-day-vulnerabilities-exploited-update/
-
Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild
Google patched two Chrome zero-day vulnerabilities actively exploited in the wild that could allow code execution or browser crashes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-two-chrome-zero-day-vulnerabilities-actively-exploited-in-the-wild/
-
Google patches two Chrome zero-days under active attack. Update now
Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-patches-two-chrome-zero-days-under-active-attack-update-now/
-
Google rushes Chrome update fixing two zero-days already under attack
Skia graphics lib and V8 JavaScript engine brings browser’s tally of actively exploited bugs to three in 2026 First seen on theregister.com Jump to article: www.theregister.com/2026/03/13/google_zeroday_chrome_update/
-
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. >>Google is aware that exploits for…
-
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.The list of vulnerabilities is as follows -CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory…
-
Ein falscher Klick genügt: Chrome-Nutzer werden attackiert
Zwei gefährliche Sicherheitslücken in Google Chrome werden aktiv ausgenutzt. Ein einfacher Webseitenbesuch reicht, um Schadcode einzuschleusen. First seen on golem.de Jump to article: www.golem.de/news/ein-falscher-klick-genuegt-chrome-nutzer-werden-attackiert-2603-206442.html
-
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/
-
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code
Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious…
-
Speicherfehler – Google stopft 3 kritische Sicherheitslücken in Chrome
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-stable-update-schliesst-10-sicherheitsluecken-3-kritisch-a-35022bbfb9c477115fe2413efd80f286/
-
Chrome-Erweiterungen können Nutzer ausforschen
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/chrome-browser-erweiterungen-ausforschung-nutzer-daten
-
March Patch Tuesday: Three high severity holes in Microsoft Office
aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
-
Malicious Chrome Extension Targets imToken Wallet Users
A fake Chrome extension impersonating imToken redirects users to phishing pages to steal crypto wallet keys. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extension-targets-imtoken-wallet-users/
-
Sicherheitsanalyse mit KI – Anthropics Opus 4.6 findet 22 Sicherheitslücken in Firefox
Innerhalb von zwei Wochen hat Claude Opus 4.6 ganze 22 CVE-Sicherheitslücken im Firefox-Browser entdeckt. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/sicherheitsanalyse-mit-ki-anthropics-opus-4-6-findet-22-sicherheitsluecken-in-firefox.96461
-
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data.The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below -QuickLens – Search Screen with First…
-
Anthropic Claude Opus AI model discovers 22 Firefox bugs
Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026. Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6 AI model in January 2026. Mozilla addressed these issues in Firefox 148. The researchers state…
-
Fake AI Extensions Breached Chat Histories in 20,000+ Enterprise Tenants
Microsoft has issued an alert after uncovering a wave of malicious Chromium-based browser extensions masquerading as legitimate AI assistant tools. The extensions, available on the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, secretly collected private browser data and AI chat content. Microsoft found that stolen data included full URLs, internal site…
-
Mit CVEs: KI findet 100 Firefox-Lücken in zwei Wochen
Anthropics Claude hat in einem internen Test mehr als 100 Sicherheitslücken im Firefox-Browser aufgedeckt. Mozilla reagiert mit verstärktem KI-Einsatz. First seen on golem.de Jump to article: www.golem.de/news/mit-cves-ki-findet-100-firefox-luecken-in-zwei-wochen-2603-206226.html
-
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month.…
-
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month.…
-
Malicious Browser Add”‘on Targets imToken Users’ Private Keys
Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases from cryptocurrency users. The malicious add-on, named >>lmΤoken Chromophore<< (extension ID bbhaganppipihlhjgaaeeeefbaoihcgi), disguises itself as a harmless hex color visualizer for developers and digital artists. However, its true purpose is to impersonate the widely used…
-
Claude AI Exposes 22 Firefox Vulnerabilities in Just Two Weeks
Artificial intelligence has officially entered the realm of advanced vulnerability research, moving beyond simple code assistance to autonomous threat hunting. This highly accelerated discovery rate outpaces traditional manual research, with the AI uncovering more vulnerabilities in one month than human researchers reported in any single month of 2025. Fourteen of these discoveries were classified as…