Tag: chrome

Google Chrome data leakage bug confirmed as actively exploited

May 17, 2025 10:54 PM

Tags: browser, chrome, data, exploit, google

First seen on scworld.com Jump to article: www.scworld.com/news/google-chrome-bug-that-could-leak-sensitive-info-actively-exploited
Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

May 16, 2025 9:54 PM

Tags: browser, chrome, cisa, exploit, flaw, google, vulnerability

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/16/cisa-recently-fixed-chrome-vulnerability-exploited-in-the-wild-cve-2025-4664/
CISA tags recently patched Chrome bug as actively exploited

May 16, 2025 10:54 AM

Tags: attack, browser, chrome, cisa, exploit, vulnerability

On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/
Google fixed a Chrome vulnerability that could lead to full account takeover

May 16, 2025 9:54 AM

Tags: browser, chrome, cve, google, update, vulnerability

Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in…
Google patches Chrome vulnerability used for account takeover and MFA bypass

May 15, 2025 9:54 PM

Tags: access, attack, browser, chrome, cloud, cve, data, exploit, flaw, google, mfa, microsoft, ransomware, risk, russia, service, update, vulnerability, windows

How could this be exploited?: OAuth provides a way of giving access to something without the need for a password. It’s useful in multiple scenarios, for example, in single sign-on (SSO). Users might also encounter it when giving a contact access to a file or document in a cloud service such as Microsoft 365 without…
The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…
Detecting Hidemium: Fingerprinting inconsistencies in anti-detect browsers

May 13, 2025 6:38 PM

Tags: browser, chrome

This is the fourth article in our series on anti-detect browsers. In the previous post, we explained how to detect anti-fingerprinting scripts injected via Chrome DevTools Protocol (CDP). Here, we analyze Hidemium, a popular anti-detect browser, and describe how it can be detected. We start with a high-level overview of First seen on securityboulevard.com Jump…
Detecting Remote Monitoring and Management Tools Used by Attackers

May 12, 2025 8:10 PM

Tags: access, browser, chrome, cloud, control, credentials, data, detection, endpoint, exploit, identity, intelligence, ivanti, microsoft, monitoring, network, open-source, risk, saas, service, social-engineering, software, strategy, theft, threat, tool, unauthorized, update, vulnerability, vulnerability-management, windows

Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments. Background In August 2024, Tenable Research released a detection plugin for Nessus, Tenable Security Center and Tenable Vulnerability Management to help customers identify…
Chrome 137 Integrates Gemini Nano AI to Combat Tech Support Scams

May 10, 2025 6:10 PM

Tags: ai, browser, chrome, cyber, defense, exploit, google, intelligence, malicious, scam, threat, update

Google has unveiled a groundbreaking defense mechanism in Chrome 137, integrating its on-device Gemini Nano large language model (LLM) to detect and block these malicious campaigns in real time. This update marks a significant leap in combating evolving cyber threats by leveraging artificial intelligence directly within users’ browsers. Tech support scams exploit psychological manipulation, mimicking…
Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams

May 10, 2025 5:10 PM

Tags: ai, android, browser, chrome, cyber, cybersecurity, data, detection, finance, google, intelligence, scam, theft, threat

Google has integrated artificial intelligence into its cybersecurity toolkit to shield users from financial and data theft scams. On Friday, May 09, 2025, the company unveiled a comprehensive report detailing its latest AI-driven initiatives across Search, Chrome, and Android, marking a significant leap in preemptive threat detection and user protection. These advancements aim to counteract…
So soll euch der Google-Browser künftig vor Online-Betrug schützen

May 9, 2025 11:10 PM

Tags: browser, chrome, fraud, google

First seen on t3n.de Jump to article: t3n.de/news/google-chrome-ki-online-betrug-1686457/
Google Chrome to use on-device AI to detect tech support scams

May 9, 2025 8:11 PM

Tags: ai, browser, chrome, google, scam

Google is implementing a new Chrome security feature that uses the built-in ‘Gemini Nano’ large-language model (LLM) to detect and block tech support scams while browsing the web. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-use-on-device-ai-to-detect-tech-support-scams/
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

May 9, 2025 8:11 PM

Tags: browser, chrome, credentials, detection, malware, north-korea, theft, threat

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4…
Google Deploys On-Device AI to Thwart Scams on Chrome and Android

May 9, 2025 3:10 PM

Tags: ai, android, browser, chrome, detection, google, LLM, scam

The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-ai-gemini-nano-scams-chrome/
What your browser knows about you, from contacts to card numbers

May 9, 2025 12:11 PM

Tags: browser, chrome, data, mobile

Chrome and Safari are the most popular browser apps, accounting for 90% of the mobile browsers market share, according to Surfshark. Chrome: the most data-hungry browser … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/09/browser-data-collection-tracking/
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

May 9, 2025 10:11 AM

Tags: ai, android, browser, chrome, google, intelligence, scam

Google on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.”The on-device approach provides instant insight on risky websites and allows us…
Guess Which Browser Tops the List for Data Collection!

May 8, 2025 4:10 PM

Tags: apple, browser, chrome, cyber, data, finance, google

Google Chrome has emerged as the undisputed champion of data collection among 10 popular web browsers studied on the Apple App Store. Collecting a staggering 20 different data types, Chrome surpasses all competitors by a significant margin. From personal contact information and precise financial details-such as payment methods and card numbers-to location data, browsing history,…
Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users

May 6, 2025 12:50 PM

Tags: browser, chrome, cyber, exploit, hacker, malicious, social-engineering, windows

Hackers are leveraging a sophisticated social engineering technique dubbed >>ClickFix>fix
Chrome 136 Fixes 20-Year-Old Privacy Bug in Latest Update

Apr 30, 2025 7:52 AM

Tags: browser, chrome, cyber, google, linux, privacy, update, windows

Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac, and Linux, bringing significant security and privacy upgrades to millions of users worldwide. The update, set to be distributed over the coming days and weeks, addresses a range of vulnerabilities. However, its most notable change closes a privacy loophole that has…
Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions Technical Details Revealed

Apr 29, 2025 3:51 PM

Tags: browser, chrome, cve, cvss, cyber, flaw, google, malicious, vulnerability, windows

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within Mojo, enabling remote attackers to craft malicious payloads that, when triggered through user interaction like…
Keeper Security optimiert Browser-Erweiterung

Apr 28, 2025 12:51 PM

Tags: apple, browser, chrome, microsoft

Die neue Browser-Erweiterung Keeper 17.1 ist ab sofort im Chrome Web Store, Apple App Store, Microsoft Edge Add-ons Store sowie im Firefox Add-ons Store verfügbar. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/keeper-security-optimiert-browser-erweiterung/a40607/
Chrome UAF Process Vulnerabilities Actively Exploited

Apr 25, 2025 2:50 PM

Tags: browser, chrome, cyber, defense, exploit, flaw, google, vulnerability

Security researchers have revealed that two critical use-after-free (UAF) vulnerabilities in Google Chrome’s Browser process were actively exploited in the wild, exposing users to potential sandbox escapes and arbitrary code execution. However, Google’s deployment of the MiraclePtr defense mechanism ensures these flaws are no longer exploitable, marking a significant milestone in browser security. Technical Analysis…
Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Apr 25, 2025 2:50 PM

Tags: ai, browser, chrome

Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-extension-ai-engine-act-mcp/
Google Chrome Keeps Third-Party Cookies Settings, Lets Users ‘Make an Informed Choice’

Apr 24, 2025 8:50 AM

Tags: browser, chrome, google, privacy

Privacy Sandbox, originally pitched as an alternative to cross-site ad tracking, will not show a standalone prompt. Instead, Chrome is readying a different “informed choice.” First seen on techrepublic.com Jump to article: www.techrepublic.com/article/new-google-chrome-privacy-sandbox-third-party-ads/
Over 6 Million Chrome Extensions Found Executing Remote Commands

Apr 18, 2025 11:28 AM

Tags: browser, chrome, cyber, google, monitoring, network

Security researchers have uncovered a network of over 35 Google Chrome extensions”, collectively installed on more than 6 million browsers”, secretly executing remote commands and potentially spying on users for years. The alarming discovery began during a routine security review at an organization using a monitoring feature provided by Secure Annex. Among a list of…
Chrome extensions with 6 million installs have hidden tracking code

Apr 17, 2025 7:28 PM

Tags: browser, chrome, monitoring

A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/
Critical Chrome Vulnerability Exposes Users to Data Theft and Unauthorized Access

Apr 16, 2025 8:28 AM

Tags: access, browser, chrome, cyber, data, google, theft, threat, unauthorized, update, vulnerability, windows

A critical security vulnerability has been discovered in Google Chrome, prompting an urgent update as millions of users worldwide face potential threats of data theft and unauthorized access. The newly released Stable channel update”, now available as version 135.0.7049.95/.96 for Windows and Mac, and 135.0.7049.95 for Linux”, is being rolled out over the next few…
After 20 Years, Google Patches Major Web Privacy Vulnerability

Apr 14, 2025 2:33 PM

Tags: browser, chrome, data-breach, google, privacy, vulnerability

After two decades of persistent concern among privacy advocates and web security researchers, Google is finally rolling out a fix for a long-standing vulnerability in Chrome that has silently exposed users’ browsing history. The issue stems from how browsers have… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/chrome-136-ends-20-year-privacy-leak/
Chrome 136 fixes 20-year browser history privacy risk

Apr 14, 2025 1:34 PM

Tags: browser, chrome, google, privacy, risk

Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users’ browsing history through the previously visited links. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chrome-136-fixes-20-year-browser-history-privacy-risk/
Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Apr 12, 2025 11:02 AM

Tags: android, browser, chrome, cyber, cybersecurity, google, hacker, malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a faÃ§ade of credible application installation pages, enticing victims with downloads that appear legitimate, including apps like Google Chrome. The sites are engineered with features…