Tag: browser
-
US Government Seeks Medical Records of Trans Youth
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere. First seen on wired.com Jump to article: www.wired.com/story/us-government-seeks-medical-records-of-trans-youth/
-
Featured Chrome extension FreeVPN.One caught capturing and transmitting user data
Tags: access, api, browser, ceo, chrome, corporate, credentials, data, data-breach, endpoint, finance, governance, healthcare, india, malicious, mobile, monitoring, privacy, risk, technology, threat, tool, vpn, vulnerability, vulnerability-managementUnmanaged extensions expose enterprises: Such incidents highlight how unmanaged browser extensions can act as covert data exfiltration channels, exposing sensitive corporate information. Enterprises usually deploy licensed, corporate-grade VPNs that are safe and accompanied by monitoring and access controls. But employees often install free VPN extensions for personal use.”This poses as a major threat to industries…
-
High-Severity Mozilla Flaws Allow Remote Code Execution
Mozilla has released Firefox 142 to address multiple critical security vulnerabilities that could enable remote attackers to execute arbitrary code on affected systems. The Mozilla Foundation Security Advisory 2025-64, announced on August 19, 2025, details nine distinct vulnerabilities ranging from high-severity remote code execution flaws to spoofing and denial-of-service issues. Critical Remote Code Execution Vulnerabilities…
-
Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension
Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/freevpn_privacy_research/
-
Critical Chrome Flaw CVE”‘2025″‘9132 Exposes Browsers to Remote Code Execution
The Hong Kong Computer Emergency Response Team Coordination Center issued an alert regarding a remote code execution flaw in Google Chrome. The Chrome team reported the same vulnerability. The Chrome flaw, identified as CVE”‘2025″‘9132, stems from an out-of-bounds write in V8, Chrome’s JavaScript engine, which could allow attackers to execute arbitrary code remotely. First seen…
-
Legitimate Chrome VPN with 100K+ Installs Secretly Captures Screenshots and Exfiltrates Sensitive Data
A Chrome extension marketed as FreeVPN.One, boasting over 100,000 installations, a verified badge, and featured placement in the Chrome Web Store, has been exposed as spyware that silently captures screenshots of users’ browsing activities and exfiltrates them to remote servers. Despite its privacy policy explicitly stating that the developer does not collect or use user…
-
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine that was discovered by Big Sleep AI.…
-
Chrome High-Severity Vulnerability Could Let Attackers Run Arbitrary Code
Google has released an emergency security update for Chrome to address a high-severity vulnerability that could potentially allow attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-9132, affects the V8 JavaScript engine and represents a critical security risk for millions of Chrome users worldwide. Critical V8 Engine Flaw Discovered The newly…
-
Legitimate Chrome VPN Extension Turns to Browser Spyware
Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-vpn-extension-spyware/
-
Paywalls der Verlage überwinden: Bypass Paywall Clean von Mozilla geblockt
Mozilla ging nun auch gegen das Tool Bypass Paywalls Clean vor. Beim Firefox ist das Add-on deaktiviert, GitHub löschte das Tool ohnehin. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/paywalls-der-verlage-ueberwinden-bypass-paywall-clean-von-mozilla-geblockt-319664.html
-
Some users report their Firefox browser is scoffing CPU power
You guessed it: looks like it’s a so-called AI First seen on theregister.com Jump to article: www.theregister.com/2025/08/13/firefox_ai_scoffing_power/
-
Google Chrome Enterprise: Advanced Browser Security for the Modern Workforce
In this Dark Reading News Desk interview, Google’s Mark Berschadski highlights the critical role browsers play in today’s work environment and how Chrome Enterprise is evolving to meet modern security challenges while enabling productivity. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/google-chrome-enterprise-advanced-browser-security-modern-workforce
-
Google Chrome Enterprise: Extend Protections From Browser to OS
Dark Reading’s Terry Sweeney and Google’s Loren Hudziak discuss how the humble web browser has transformed from a simple web access tool into a common conduit through which a lot of business is done. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/google-chrome-enterprise-extend-protections-from-browser-to-os
-
Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web
Dark Reading’s Terry Sweeney and Google Cloud Security’s Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-enterprise-keeping-businesses-safe-from-threats-on-the-web
-
Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw
Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the…
-
Bug-Bounty-Prämie: 250.000 US-Dollar für eine Sicherheitslücke in Chrome
Angreifer können die Lücke ausnutzen, um aus der Sandbox von Google Chrome auszubrechen und Schadcode auf dem System auszuführen. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Höchste Bug-Bounty-Prämie: Google zahlt 250.000 US-Dollar für eine Chrome-Lücke
Angreifer können die Lücke ausnutzen, um aus der Sandbox von Google Chrome auszubrechen. Der Entdecker hat dafür eine Viertelmillion US-Dollar erhalten. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Chrome sandbox escape nets security researcher $250,000 reward
Researcher earns Google Chrome ‘s top $250K bounty for a sandbox escape vulnerability enabling remote code execution. A researcher who goes online with the moniker ‘Micky’ earned $250,000 from Google for reporting a high-severity Chrome vulnerability. The flaw, tracked as CVE-2025-4609, resides in the Mojo IPC system, an attacker can exploit the flaw to escape…
-
Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox
August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full kernel-level control on Linux systems. The flaw, tied to the obscure MSG_OOB feature in UNIX…
-
ChromeAlone A Browser Based Cobalt Strike Like C2 Tool That Turns Chrome Into a Hacker’s Playground
At DEF CON 33, security researcher Mike Weber of Praetorian Security unveiled ChromeAlone, a Chromium-based browser Command & Control (C2) framework capable of replacing traditional offensive security implants like Cobalt Strike or Meterpreter. Not long ago, web browsers were little more than wrappers for HTTP requests. Today, they are complex, feature-packed platforms, so sophisticated […]…
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating…
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets.The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said.What makes the First…
-
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed ‘GreedyBear’ has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-extensions-hits-firefox-add-on-store/
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
Brave Browser-Tipps: Den Chrome-basierten Browser optimal nutzen
So optimierst du den auf Chrome basierenden Brave Browser für maximale Sicherheit und Komfort. Praxistipps ohne Technik-Kenntnisse! First seen on tarnkappe.info Jump to article: tarnkappe.info/tutorials/brave-browser-tipps-den-chrome-basierten-browser-optimal-nutzen-319146.html
-
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
PXA Stealer pilfers data from nearly 40 browsers, including Chrome First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/pxa_stealer_4000_victims/
-
Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
Devs told to exercise ‘extreme caution’ with emails disguised as account update prompts First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/mozilla_add_on_phishing/
-
Mozilla Issues Warning on Phishing Campaign Targeting Add-on Developer Accounts
Mozilla has issued an urgent security warning to Firefox add-on developers following the detection of a sophisticated phishing campaign targeting accounts on the Add-ons Mozilla Organization (AMO) platform. The alert, published by Scott DeVaney from Mozilla’s Add-ons Community team on August 1, 2025, warns developers to exercise extreme caution when receiving emails purporting to be…