Tag: chrome
-
2 certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/google-fixes-chrome-zero-day-with-in-the-wild-exploit-cve-2025-5419/
-
New Malware Attack Uses Malicious Chrome Edge Extensions to Steal Sensitive Data
Cybersecurity experts from Positive Technologies’ Security Expert Center have uncovered a sophisticated malicious campaign dubbed >>Phantom Enigma,
-
Emergency Chrome Update to Fix Actively Exploited CVE-2025-5419
In an unusual out-of-band release, Google has issued an urgent update to its Chrome browser to patch three security vulnerabilities, including one that is currently being exploited in real-world attacks. Critical Vulnerability in Chrome’s V8 Engine The most serious of… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/update-chrome-cve-2025-5419/
-
Google patches third zero-day flaw in Chrome this year
Vulnerability in the JavaScript engine: The Chrome team described the vulnerability as an out of bounds memory read and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is used in other projects as well, including the Node.js runtime. Because the engine is designed to interpret and execute JavaScript and…
-
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild
TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/google_chrome_zero_day_emergency_fix/
-
Chrome Drops Trust for Chunghwa, Netlock Certificates
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/chrome-drop-trust-chunghwa-netlock-certificates
-
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/
-
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
-
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.”The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will…
-
Notfallupdate: Aktiv ausgenutzte Chrome-Lücke gefährdet Nutzer
Wer Google Chrome verwendet, sollte den Browser dringend aktualisieren. Mehrere gefährliche Schwachstellen wurden gepatcht. Eine davon wird bereits aktiv ausgenutzt. First seen on golem.de Jump to article: www.golem.de/news/notfallupdate-aktiv-ausgenutzte-chrome-luecke-gefaehrdet-nutzer-2506-196771.html
-
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.”Out of bounds…
-
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-distrust-chunghwa-telecom-netlock-certificates-in-august/
-
New Silent Push Chrome tool delivers real-time cyber intel
First seen on scworld.com Jump to article: www.scworld.com/brief/new-silent-push-chrome-tool-delivers-real-time-cyber-intel
-
Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution
The Chrome team at Google has officially released Chrome 137 to the stable channel for Windows, Mac, and Linux platforms. This update, version 137.0.7151.55/56, brings a host of security improvements, bug fixes, and technical enhancements, reinforcing Chrome’s position as a leading web browser for both everyday users and enterprise environments. Security Enhancements and Technical Fixes…
-
Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials
Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email…
-
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Tags: browser, chrome, cyber, cybersecurity, data, google, intelligence, malicious, phishing, tacticsCybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and brands. Detailed Analysis Reveals Impersonation Tactics LayerX, building off initial research by the DomainTools Intelligence…
-
Chrome-Sicherheitsupdate schließt Schwachstelle CVE-2025-4664 (14. Mai 2025)
Kleiner Nachtrag zum Google Chrome-Browser. Zum 14. Mai 2025 hat Google den Chrome-Browser auf die Versionen 136.0.7103.113/.114 aktualisiert, um die Schwachstelle CVE-2025-4664 zu schließen. Die Tage sind mir einige Informationen zu dieser Schwachstelle untergekommen, die ich nachfolgend kurz einstelle. Google … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/24/chrome-sicherheitsupdate-schliesst-schwachstelle-cve-2025-4664/
-
Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity
A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately. First seen on hackread.com Jump to article: hackread.com/chrome-0-day-cve-2025-4664-windows-linux-browser-activity/
-
Google Chrome’s Built-in Manager Lets Users Update Breached Passwords with One Click
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
-
Legitimate tools spoofed by infostealing Chrome extensions
First seen on scworld.com Jump to article: www.scworld.com/brief/legitimate-tools-spoofed-by-infostealing-chrome-extensions
-
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
-
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
-
Schwachstelle in Chrome wird derzeit aktiv ausgenutzt
Eine Anfang Mai bekannt gewordene Sicherheitslücke in Google Chrome wird derzeit aktiv ausgenutzt, wie die US-Sicherheitsbehörde CISA warnt. Nutzer sollten schnellstmöglich ein Update durchführen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/schwachstelle-in-chrome-wird-derzeit-aktiv-ausgenutzt
-
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.”The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis First seen on…
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/18/week-in-review-microsoft-patches-5-actively-exploited-0-days-recently-fixed-chrome-vulnerability-exploited/