Tag: browser
-
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
A high severity vulnerability in Google Chrome and allows remote attackers to execute code First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patches-new-in-wild-chrome/
-
Sicherheitslücke im Browser: Attacken auf Chrome-Nutzer beobachtet
Eine gefährliche Sicherheitslücke lässt Angreifer Schadcode in Chrome einschleusen. Es reicht der Besuch einer speziell gestalteten Webseite. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-im-browser-attacken-auf-chrome-nutzer-beobachtet-2602-205443.html
-
Leaky Chrome extensions with 37M installs caught shipping your browsing history
Encrypted exfiltration made detection difficult: The researcher said in a blog post that several of these extensions attempted to hide the nature of transmitted data. Outbound payloads were frequently encrypted or encoded before transmission, preventing automated inspection.”Manual inspection of the captured traffic revealed a variety of obfuscation schemes: base64, ROT47, LZ-String compression, and full AES-256…
-
Google fixes first actively exploited Chrome zero-day of 2026
Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first…
-
Google patches Chrome vulnerability with inwild exploit (CVE-2026-2441)
Google released a security update for Chrome to address a high-severity zero”‘day vulnerability (CVE-2026-2441) on Friday. >>Google is aware that an exploit for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/google-patches-chrome-vulnerability-with-in-the-wild-exploit-cve-2026-2441/
-
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/
-
Google Chrome Fixes Actively Exploited CVE-2026-2441 Bug
A critical security vulnerability, CVE-2026-2441, has prompted an urgent out-of-band update for Google Chrome after confirmation that the flaw is being actively exploited. The Hong Kong Computer Emergency Response Team (HKCERT) alerted users to the flaw on 16 February 2026. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-2441-google-chrome/
-
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack, Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild.The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on…
-
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel to version 145.0.7632.75/.76 for Windows and macOS users, and version 144.0.7559.75 for Linux users. This…
-
287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users
New investigation by Q Continuum reveals 287 Chrome extensions leaking the private browsing data of 37.4 million users to firms like Similarweb and Alibaba. Learn how these harmless tools turn your history into a product. First seen on hackread.com Jump to article: hackread.com/chrome-extensions-harvest-browsing-data-37m-users/
-
260K Users Exposed in AI Extension Scam
Fake AI Chrome extensions exposed 260,000 users by using remote iframes to extract data and maintain persistent access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/260k-users-exposed-in-ai-extension-scam/
-
Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign
Malicious Chrome extensions hijacked over 500K VK accounts using multi-stage payloads and stealthy persistence techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extensions-hijack-500000-vk-accounts-in-stealth-campaign/
-
How to find and remove credential-stealing Chrome extensions
Researchers have uncovered 30 Chrome extensions stealing user data. Here’s how to check your browser and remove any malicious extensions step by step. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-find-and-remove-credential-stealing-chrome-extensions/
-
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager.The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. First seen on thehackernews.com…
-
Chrome Extensions Infect 500K Users to Hijack VKontakte Accounts
A long-running Chrome extension malware campaign has silently hijacked more than 500,000 VKontakte (VK) accounts, forcing users into attacker-controlled groups, resetting their settings every 30 days, and abusing VK’s own infrastructure as command-and-control. What appeared to be harmless VK customization tools were in reality a tightly maintained malware project operated by a single threat actor…
-
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-ai-assistants-google-chrome/
-
37 Millionen Downloads: 287 Chrome-Extensions bei der Spionage erwischt
Forscher haben den Traffic zahlreicher Chrome-Erweiterungen analysiert. 287 davon spionieren für Datenbroker das Surfverhalten aus. First seen on golem.de Jump to article: www.golem.de/news/37-millionen-downloads-287-chrome-extensions-bei-der-spionage-erwischt-2602-205381.html
-
37 Millionen Downloads: 287 Chrome-Extensions bei der Spionage erwischt
Forscher haben den Traffic zahlreicher Chrome-Erweiterungen analysiert. 287 davon spionieren für Datenbroker das Surfverhalten aus. First seen on golem.de Jump to article: www.golem.de/news/37-millionen-downloads-287-chrome-extensions-bei-der-spionage-erwischt-2602-205381.html
-
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while secretly deploying dangerous surveillance capabilities affecting over 260,000 users. The malicious extensions pose as AI-powered…
-
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while secretly deploying dangerous surveillance capabilities affecting over 260,000 users. The malicious extensions pose as AI-powered…
-
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while secretly deploying dangerous surveillance capabilities affecting over 260,000 users. The malicious extensions pose as AI-powered…
-
37 Millionen Downloads: 287 Chrome-Extensions bei der Spionage erwischt
Forscher haben den Traffic zahlreicher Chrome-Erweiterungen analysiert. 287 davon spionieren für Datenbroker das Surfverhalten aus. First seen on golem.de Jump to article: www.golem.de/news/37-millionen-downloads-287-chrome-extensions-bei-der-spionage-erwischt-2602-205381.html
-
37 Millionen Downloads: 287 Chrome-Extensions bei der Spionage erwischt
Forscher haben den Traffic zahlreicher Chrome-Erweiterungen analysiert. 287 davon spionieren für Datenbroker das Surfverhalten aus. First seen on golem.de Jump to article: www.golem.de/news/37-millionen-downloads-287-chrome-extensions-bei-der-spionage-erwischt-2602-205381.html
-
Microsoft fixes bug that blocked Google Chrome from launching
Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-family-safety-bug-that-blocks-google-chrome-from-launching/
-
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishingoutlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
-
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ai-chrome-extensions-with-300k-users-steal-credentials-emails/
-
287 Malicious Chrome Extensions Steal Browsing Data from 37.4 Million Users
A new security investigation has uncovered 287 Chrome extensions that appear to secretly send users’ browsing data to remote servers, impacting an estimated 37.4 million installs. That is roughly 1%1% of the global Chrome user base, based on the researchers’ estimate. The researchers built an automated testing pipeline to catch “spying” behavior at scale. They ran Chrome inside a…
-
Chrome Security Update Released to Address Code Execution Vulnerabilities
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, announced on February 10, 2026, will roll out gradually over the coming days and weeks. Critical Security Fixes The update patches several high-severity…