Tag: chrome
-
Chrome Releases Security Patch for 11 Code Execution Vulnerabilities
The Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and Mac, is now being distributed through the stable channel and will reach…
-
Google Plans to Remove Chrome’s Tab Scrolling Feature
Google has decided to deprecate the “Tab Scrolling” feature in its Chrome browser, marking the end of a tool that many users relied on to manage large numbers of open tabs. This feature, previously accessible through a Chrome flag, allowed users to scroll horizontally through their open tabs, preventing them from being compressed into an…
-
âš¡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More
Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don’t seem urgent”, until they are. What if your environment is already being tested, just not in ways you expected?Some of the most dangerous moves are hidden in plain sight. It’s worth asking: what patterns are…
-
Microsoft blockiert Google Chrome mittels Schutzfunktion
Seit Anfang Juni können einige Windows-Nutzer Google Chrome nicht mehr verwenden. Schuld daran ist eine Schutzfunktion für Minderjährige. First seen on golem.de Jump to article: www.golem.de/news/windows-schutzfunktion-von-microsoft-blockiert-google-chrome-2506-197357.html
-
Microsoft Family Safety Now Blocking All Versions of Google Chrome
In a development that has left students, parents, and educators frustrated, Microsoft’s Family Safety feature is now blocking all versions of Google Chrome from launching on Windows devices. The issue, which first surfaced in early June, has persisted for over two weeks without an official fix or comment from Microsoft, raising concerns about both digital…
-
DNS-Sperren umgehen bei Brave und Google Chrome im Handumdrehen
Wer unbeschwert surfen und dabei alle Einschränkungen durch Websperren umgehen will, bekommt für Google Chrome und Brave nun eine Anleitung. First seen on tarnkappe.info Jump to article: tarnkappe.info/tutorials/dns-sperren-umgehen-bei-brave-und-google-chrome-im-handumdrehen-316914.html
-
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).Google addressed the flaw later that month after Kaspersky…
-
Hackers Exploiting Chrome Zero”‘Day Vulnerability in the Wild
A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent threat (APT) group Team46, also known as TaxOff. The Attack Campaign The first signs of…
-
Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign
The post Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/team46-taxoff-exploits-google-chrome-zero-day-cve-2025-2783-in-sophisticated-phishing-campaign/
-
Palo Alto Networks fixed multiple privilege escalation flaws
Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser. The most severe vulnerability, tracked…
-
Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)”, What’s Next?
Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of compliance failures and a lack of measurable progress in addressing publicly reported issues. Chunghwa Telecom is Taiwan’s largest integrated……
-
Is Google Password Manager Safe to Use in 2025?
Google Password Manager is a free password management service built into Chrome and Google apps. Learn how it works and how secure it is in this detailed review. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/is-google-password-manager-safe/
-
Multiple Chrome Flaws Enable Remote Code Execution by Attackers
Google Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for users. The official changelog provides a detailed breakdown of all modifications and enhancements included in…
-
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites.”Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan First seen on thehackernews.com Jump to…
-
New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: >Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate…
-
âš¡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways”, through delays, odd behavior, or subtle gaps in control.This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look…
-
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Extension code uses hardcoded credentials: Guo added that hardcoded credentials, such as API keys, secrets, and tokens, are exposed within popular extensions’ JavaScript, making them accessible to anyone who inspects the extension’s source code. For instance, Avast Online Security and Privacy and AVG Online Security extensions, aimed at browsing privacy and security, both contain hardcoded Google…
-
Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/08/week-in-review-google-fixes-exploited-chrome-zero-day-patch-tuesday-forecast/
-
Popular Chrome Extensions Found Leaking Data via Unencrypted Connections
Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users. First seen on hackread.com Jump to article: hackread.com/popular-chrome-extensions-data-leak-unencrypted-connection/
-
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers
Tags: browser, chrome, credentials, cyber, cybersecurity, data, google, login, malware, microsoft, programming, rust, threatA newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of Chromium-based browsers such as Google Chrome, Microsoft Edge, and others. Dubbed >>RustStealer
-
Chrome Extensions Flaw Exposes Sensitive API Keys, Secrets and Tokens
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys, secrets, and tokens directly within their source code. This alarming oversight in modern development practices has left digital doors wide open for cyber attackers to exploit, potentially leading to data…
-
Chrome und Edge Notfall-Updates und Ärger in Chrome/Edge 137
Kurzer Nachtrag aus den letzten Tagen. Sowohl Google musste dem Chrome-Browser als auch Microsoft dem auf Chromium basierenden Edge-Browser ein dringendes Sicherheitsupdate spendieren. Hintergrund sind Sicherheitslücken, die wohl in freier Wildbahn von Bedrohungsakteuren ausgenutzt wurden. Zudem habe ich zwei Lesermeldungen … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/06/chrome-und-edge-notfall-updates-und-edge-aerger/
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Google to drop trust of Chunghwa and NetLock certificates from Chrome
First seen on scworld.com Jump to article: www.scworld.com/news/google-to-drop-trust-of-chunghwa-and-netlock-certificates-from-chrome
-
Two certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
2 certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/google-fixes-chrome-zero-day-with-in-the-wild-exploit-cve-2025-5419/