Collecting Cyber-News from over 60 sources

Tag: browser

The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors

Mar 6, 2026 11:48 PM

Tags: attack, backdoor, browser, chrome, malware, tool

Millions installed ‘productivity’ Chrome extensions that became malware after acquisition. Here’s how browser extensions became enterprise security’s weakest link. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-chrome-extension-backdoor-how-productivity-tools-became-enterprise-attack-vectors/
Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits

Mar 6, 2026 10:46 PM

Tags: ai, browser

Now if only device makers would deliver higher quality components First seen on theregister.com Jump to article: www.theregister.com/2026/03/06/firefox_bugs_anthropic_ai/
Middle East Conflict Fuels Opportunistic Cyber Attacks

Mar 6, 2026 9:47 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, backdoor, best-practice, breach, browser, business, chrome, cloud, crypto, cyber, cybercrime, cybersecurity, data, defense, endpoint, exploit, fraud, google, government, identity, infection, Internet, iran, iraq, malicious, malware, mfa, middle-east, military, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, scam, service, software, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that capitalizes on the elevated political climate in the Middle East. This increased malicious activity includes discoveries that are directly tied to the ongoing conflict, alongside other related findings. ThreatLabz…
Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks

Mar 6, 2026 8:46 PM

Tags: browser, vulnerability

In a recent security partnership with Mozilla, Anthropic found 22 separate vulnerabilities in Firefox, 14 of them classified as “high-severity.” First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/06/anthropics-claude-found-22-vulnerabilities-in-firefox-over-two-weeks/
Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities

Mar 5, 2026 10:47 AM

Tags: browser, chrome, cyber, exploit, flaw, google, update, vulnerability

Google released an urgent security update for its Chrome browser to address 10 vulnerabilities. Deployed on March 3, 2026, this stable channel update fixes three critical flaws and seven high-severity issues. The emergency patch protects users from potential exploits that could allow attackers to execute arbitrary code or compromise affected systems. The Chrome update is…
Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities

Mar 5, 2026 10:47 AM

Tags: browser, chrome, cyber, exploit, flaw, google, update, vulnerability

Google released an urgent security update for its Chrome browser to address 10 vulnerabilities. Deployed on March 3, 2026, this stable channel update fixes three critical flaws and seven high-severity issues. The emergency patch protects users from potential exploits that could allow attackers to execute arbitrary code or compromise affected systems. The Chrome update is…
Google speeds up Chrome updates with new security-focused release cycle

Mar 4, 2026 10:46 AM

Tags: access, browser, chrome, google, update

The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
Google speeds up Chrome updates with new security-focused release cycle

Mar 4, 2026 10:46 AM

Tags: access, browser, chrome, google, update

The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
Google speeds up Chrome updates with new security-focused release cycle

Mar 4, 2026 10:46 AM

Tags: access, browser, chrome, google, update

The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
Google feels the need for security speed, so will ship Chrome updates every two weeks

Mar 4, 2026 5:46 AM

Tags: browser, chrome, google, update

Retains eight-weekly Extended Stable releases but warns fortnightly updates are the best way to stay safe First seen on theregister.com Jump to article: www.theregister.com/2026/03/04/google_speeds_chrome_release_cadence/
Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

Mar 3, 2026 8:46 PM

Tags: browser, chrome, crypto, malware

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases. The post Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-compromised-chrome-extension-malware-crypto-theft/
Google Chrome shifts to two-week release cycle for increased stability

Mar 3, 2026 7:47 PM

Tags: browser, chrome, google

Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-shifts-to-two-week-release-cycle-for-increased-stability/
Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Mar 3, 2026 3:47 PM

Tags: access, browser, cctv, chrome, flaw, vulnerability

Researchers found a now-patched vulnerability in “Live in Chrome” that allowed a Chrome extension to inherit Gemini’s permissions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/chrome-flaw-let-extensions-hijack-geminis-camera-mic-and-file-access/
Chrome Gemini panel became privilege escalator for rogue extensions

Mar 3, 2026 1:47 PM

Tags: access, ai, browser, chrome, flaw, malicious

High-severity flaw let malicious add-ons access system via browser’s embedded AI feature First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/google_chrome_bug_gemini/
Chrome security flaw enabled spying via Gemini Live assistant

Mar 3, 2026 11:46 AM

Tags: ai, browser, chrome, control, cve, flaw, google, malicious, network, spy, vulnerability

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks

Mar 3, 2026 8:46 AM

Tags: attack, browser, chrome, computer, computing, cyber, google, group, Internet

Google Chrome’s Secure Web and Networking Team has unveiled a new initiative aimed at defending HTTPS traffic against emerging quantum computing threats. This development, rooted in the Internet Engineering Task Force’s (IETF) >>PKI, Logs, And Tree Signatures<< (PLANTS) working group, introduces Merkle Tree Certificates (MTCs) as a quantum-safe evolution for the web ecosystem. Quantum computers…
Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely

Mar 3, 2026 6:47 AM

Tags: access, ai, browser, cctv, chrome, cve, cyber, data-breach, flaw, google, malicious, privacy, unauthorized, vulnerability

A newly discovered high-severity vulnerability in Google Chrome’s Gemini Live integration, tracked as CVE-2026-0628, exposed users to significant privacy and security risks. Researchers found that the flaw could allow malicious browser extensions to hijack the Gemini side panel, granting unauthorized access to a user’s camera, microphone, and local files. The integration of AI assistants into…
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Mar 2, 2026 6:47 PM

Tags: access, browser, chrome, cve, cybersecurity, flaw, google, malicious, vulnerability

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by…
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Mar 2, 2026 6:47 PM

Tags: browser, chrome, cryptography, google, risk

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.”To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web…
Dust Specter APT Targets Government Officials in Iraq

Mar 2, 2026 5:47 PM

Tags: access, ai, api, apt, attack, backdoor, browser, chrome, cisco, cloud, control, data, detection, encryption, google, government, group, infrastructure, iran, iraq, malicious, malware, monitoring, network, open-source, password, powershell, rat, service, social-engineering, software, threat, tool, update, windows

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Due to significant overlap in tools, techniques, and procedures (TTPs), as well as victimology, between this campaign and activity associated with Iran-nexus APT groups, ThreatLabz assesses with medium-to-high confidence that an…
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates

Mar 2, 2026 5:47 PM

Tags: browser, chrome, google

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-quantum-safe-https/
Chrome Extension Hijacked to Push ClickFix Malware

Mar 2, 2026 4:49 PM

Tags: browser, chrome, crypto, malware

A trusted Chrome extension was hijacked to strip browser protections, deploy ClickFix malware, and steal cryptocurrency and user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-extension-hijacked-to-push-clickfix-malware/
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping

Mar 2, 2026 7:47 AM

Tags: browser, chrome, cyber, exploit, google, injection, remote-code-execution, tool

A popular Chrome add-on, “QuickLens Search Screen with Google Lens,” has quietly morphed from a legitimate productivity tool into a full”‘fledged remote code-execution platform that abuses browser trust, security headers, and silent auto”‘updates. What began as a simple Google Lens wrapper ended in a covert C2″‘driven campaign capable of injecting arbitrary scripts into any […]…
QuickLens Chrome extension steals crypto, shows ClickFix attack

Feb 28, 2026 9:37 PM

Tags: attack, browser, chrome, crypto, google, malware

A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Feb 26, 2026 5:37 PM

Tags: access, ai, browser, chrome, control, flaw, kali, linux, lockbit, software, tactics, threat

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update.Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder.Here is a quick look at the signals worth paying attention…
Firefox 148 Unveils New Sanitizer API to Mitigate XSS Attacks in Web Applications

Feb 26, 2026 7:37 AM

Tags: api, attack, browser, cyber, update, xss

Firefox has launched a major update to help protect web applications from Cross-Site Scripting (XSS) attacks. With the release of Firefox 148, Mozilla introduces the new standardized Sanitizer API, making it the first browser to ship this built-in security tool. This new feature gives web developers an easy way to clean up untrusted code before…
Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach

Feb 25, 2026 11:37 AM

Tags: browser, chrome, container, credentials, defense, framework, mfa, phishing, saas

Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and MFA-protected accounts while evading traditional detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/starkiller-phishing-framework-bypasses-defenses-with-reverse-proxies-takes-an-saas-approach/
Mozilla Firefox 148 – Browser erhält zentrale KI-Steuerung und KI-Deaktivierung

Feb 25, 2026 8:37 AM

Tags: ai, browser

In Firefox 148 können ab sofort in den Einstellungen sämtliche Browser-internen KI-Funktionen verwaltet und bei Bedarf deaktiviert werden. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/mozilla-firefox-148-browser-erhaelt-zentrale-ki-steuerung-und-ki-deaktivierung.96290
Google Patches Three High-Severity Chrome Flaws

Feb 24, 2026 7:02 PM

Tags: browser, chrome, flaw, google

Google has fixed three high-severity Chrome flaws that could enable remote exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-three-high-severity-chrome-flaws/
Google Releases Emergency Chrome Patch Addressing Three Major Security Flaws

Feb 24, 2026 7:02 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, windows

Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system security and user data. The rapid deployment of these fixes highlights the ongoing challenges in securing widely used web browsers…