Tag: chrome
-
Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension
Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/freevpn_privacy_research/
-
Critical Chrome Flaw CVE-2025-9132 Exposes Browsers to Remote Code Execution
The Hong Kong Computer Emergency Response Team Coordination Center issued an alert regarding a remote code execution flaw in Google Chrome. The Chrome team reported the same vulnerability. The Chrome flaw, identified as CVE-2025-9132, stems from an out-of-bounds write in V8, Chrome’s JavaScript engine, which could allow attackers to execute arbitrary code remotely. First seen…
-
Legitimate Chrome VPN with 100K+ Installs Secretly Captures Screenshots and Exfiltrates Sensitive Data
A Chrome extension marketed as FreeVPN.One, boasting over 100,000 installations, a verified badge, and featured placement in the Chrome Web Store, has been exposed as spyware that silently captures screenshots of users’ browsing activities and exfiltrates them to remote servers. Despite its privacy policy explicitly stating that the developer does not collect or use user…
-
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI. Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine that was discovered by Big Sleep AI.…
-
Chrome High-Severity Vulnerability Could Let Attackers Run Arbitrary Code
Google has released an emergency security update for Chrome to address a high-severity vulnerability that could potentially allow attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-9132, affects the V8 JavaScript engine and represents a critical security risk for millions of Chrome users worldwide. Critical V8 Engine Flaw Discovered The newly…
-
Legitimate Chrome VPN Extension Turns to Browser Spyware
Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-vpn-extension-spyware/
-
Google Chrome Enterprise: Advanced Browser Security for the Modern Workforce
In this Dark Reading News Desk interview, Google’s Mark Berschadski highlights the critical role browsers play in today’s work environment and how Chrome Enterprise is evolving to meet modern security challenges while enabling productivity. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/google-chrome-enterprise-advanced-browser-security-modern-workforce
-
Google Chrome Enterprise: Extend Protections From Browser to OS
Dark Reading’s Terry Sweeney and Google’s Loren Hudziak discuss how the humble web browser has transformed from a simple web access tool into a common conduit through which a lot of business is done. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/google-chrome-enterprise-extend-protections-from-browser-to-os
-
Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web
Dark Reading’s Terry Sweeney and Google Cloud Security’s Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-enterprise-keeping-businesses-safe-from-threats-on-the-web
-
Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw
Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the…
-
Bug bounty reward: 250,000 US dollars for a security vulnerability in Chrome
Attackers can exploit the vulnerability to break out of Google Chrome’s sandbox and execute malicious code on the system. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Highest bug bounty reward: Google pays 250,000 US dollars for a Chrome vulnerability
Attackers can exploit the vulnerability to break out of Google Chrome’s sandbox. The discoverer received a quarter of a million US dollars for it. First seen on golem.de Jump to article: www.golem.de/news/sandbox-escape-google-zahlt-250-000-us-dollar-fuer-eine-chrome-luecke-2508-199057.html
-
Chrome sandbox escape nets security researcher $250,000 reward
Researcher earns Google Chrome’s top $250K bounty for a sandbox escape vulnerability enabling remote code execution. A researcher who goes online with the moniker ‘Micky’ earned $250,000 from Google for reporting a high-severity Chrome vulnerability. The flaw, tracked as CVE-2025-4609, resides in the Mojo IPC system; an attacker can exploit the flaw to escape…
-
Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox
August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full kernel-level control on Linux systems. The flaw, tied to the obscure MSG_OOB feature in UNIX…
-
ChromeAlone A Browser Based Cobalt Strike Like C2 Tool That Turns Chrome Into a Hacker’s Playground
At DEF CON 33, security researcher Mike Weber of Praetorian Security unveiled ChromeAlone, a Chromium-based browser Command & Control (C2) framework capable of replacing traditional offensive security implants like Cobalt Strike or Meterpreter. Not long ago, web browsers were little more than wrappers for HTTP requests. Today, they are complex, feature-packed platforms, so sophisticated […]…
-
Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as…
-
Brave browser tips: Getting the most out of the Chrome-based browser
How to optimize the Chrome-based Brave browser for maximum security and convenience. Practical tips that require no technical knowledge! First seen on tarnkappe.info Jump to article: tarnkappe.info/tutorials/brave-browser-tipps-den-chrome-basierten-browser-optimal-nutzen-319146.html
-
Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies
PXA Stealer pilfers data from nearly 40 browsers, including Chrome First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/pxa_stealer_4000_victims/
-
Apple Patches Zero-Day Exploit Targeting Google Chrome Users
A zero-day exploit targeting Google Chrome users has been patched by Apple. Their latest updates target a variety of devices and operating systems. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-zero-day-chrome-exploit-patch/
-
Apple fixed a zero-day exploited in attacks against Google Chrome users
Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Apple released security updates to address a high-severity vulnerability, tracked as CVE-2025-6558 (CVSS score of 8.8), that has been exploited in zero-day attacks targeting Google Chrome users. The vulnerability is an insufficient validation of untrusted input in ANGLE and…
-
Apple patches security flaw exploited in Chrome zero-day attacks
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/
-
Apple Patches Multiple Vulnerabilities, Including Safari Vulnerability Abused in Chrome 0-Day Attacks
Apple has released a comprehensive set of security updates across its entire product ecosystem on July 29, 2025, addressing multiple vulnerabilities including a critical Safari flaw that was reportedly exploited in Chrome zero-day attacks. The updates span iOS, iPadOS, macOS, watchOS, tvOS, and visionOS platforms, demonstrating the company’s commitment to maintaining security across all its…
-
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that…
-
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) available in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen…
-
Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code
Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for Windows and Mac systems, and 138.0.7204.183 for Linux, with the rollout scheduled over the coming…
-
Raven Stealer Malware Exploits Telegram to Steal Logins, Payment Data, and Autofill Info
Raven Stealer has emerged as sophisticated, lightweight information-stealing malware crafted in Delphi and C++, targeting Windows systems with a focus on extracting sensitive data like logins, payment details, and autofill information from Chromium-based browsers such as Chrome and Edge. First spotted on GitHub on July 15, 2025, this malware operates with high stealth, requiring minimal…
-
SHUYAL Emerges: Stealing Login Credentials from 19 Major Browsers
A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential extraction from 19 different web browsers, including popular ones like Google Chrome, Microsoft Edge, Opera, Brave, and Yandex, as well as more specialized ones like Opera GX, Vivaldi, Chromium, Waterfox, Tor, Epic Privacy Browser, Comodo…
-
Chrome’s AI Challenger Has Landed: Meet Comet
Perplexity’s Comet Blends Familiarity With Agentic AI to Reshape the Web. Perplexity, the fast-rising AI search engine startup backed by the likes of Nvidia and Jeff Bezos, is riding on a cosmic high with the launch of Comet – a full-featured AI-native web browser that claims to browse at the speed of thought. First seen…
-
⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Even in well-secured environments, attackers are getting in, not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious…
-
Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/20/week-in-review-google-fixes-zero-day-vulnerability-in-chrome-critical-sql-injection-flaw-in-fortiweb/

