Tag: chrome
-
Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)
For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/update-google-chrome-to-fix-actively-exploited-zero-day-cve-2025-6558/
-
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément…
-
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/
-
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components.”Insufficient validation of…
-
Sicherheitslücke: Hacker attackieren Chrome-Nutzer per Sandbox-Escape
In Google Chrome klaffen mehrere gefährliche Sicherheitslücken. Eine wird schon aktiv ausgenutzt und ermöglicht einen Ausbruch aus der Sandbox. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-zero-day-luecke-in-chrome-laesst-hacker-aus-sandbox-ausbrechen-2507-198152.html
-
Google Chrome 0-Day Vulnerability Under Active Exploitation
Google has released an emergency security update for Chrome 138 to address a critical zero-day vulnerability that is actively being exploited in the wild. The vulnerability, tracked as CVE-2025-6558, affects the browser’s ANGLE and GPU components and has prompted immediate action from Google’s security team to protect users from ongoing attacks. Critical Zero-Day Vulnerability Discovered…
-
Google reveals details on Android’s Advanced Protection for Chrome
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…
-
Google Launches Advanced Protection for Vulnerable Users via Chrome on Android
Google has announced the expansion of its Advanced Protection Program to Chrome on Android, providing enhanced security features specifically designed for high-risk users including journalists, elected officials, and public figures. The new device-level security setting, available on Android 16 with Chrome 137+, offers comprehensive protection against sophisticated cyber threats through three key security enhancements. The…
-
Massive browser hijacking campaign infects 2.3M Chrome, Edge users
These extensions weren’t malware-laced from the start, researcher says First seen on theregister.com Jump to article: www.theregister.com/2025/07/08/browser_hijacking_campaign/
-
Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/18-malicious-chrome-edge-extensions/
-
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-store-features-extension-poisoned-sophisticated-spyware
-
âš¡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure”, until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms”, they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection”, that’s all it takes.Staying safe…
-
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is…
-
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/06/week-in-review-sudo-local-privilege-escalation-flaws-fixed-google-patches-actively-exploited-chrome/
-
Actively exploited Chrome zero-day addressed
First seen on scworld.com Jump to article: www.scworld.com/brief/actively-exploited-chrome-zero-day-addressed
-
Google fixes type confusion flaw in Chrome browser
An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626960/Google-fixes-type-confusion-flaw-in-Chrome-browser
-
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the wild. >>Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker…
-
Chrome Zero-Day, ‘FoxyWallet’ Firefox Attacks Threaten Browsers
Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/browsers-targeted-chrome-zero-day-malicious-firefox-extensions
-
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025
Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
-
Chrome Zero-Day CVE-2025-6554 Under Active Attack, Google Issues Security Update
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.”Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Google fixes fourth actively exploited Chrome zero-day of 2025
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/
-
Google patches actively exploited Chrome (CVE”‘2025″‘6554)
Google has released a security update for Chrome to address a zero”‘day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/
-
New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections
Tags: attack, breach, browser, chrome, credentials, cyber, cybersecurity, data, encryption, google, risk, theftCybersecurity researchers have unveiled a new attack”, dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)”, that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption…
-
Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.”Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code
Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked asCVE-2025-6554, is atype confusionvulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms. The vulnerability was discovered by…
-
Microsoft confirms Family Safety blocks Google Chrome from launching
Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-family-safety-blocks-google-chrome-from-launching/
-
Windows Family Safety: Chrome-Blockade bestätigt
Nutzer beklagen sich seit Anfang Juni 2025, dass sie den Google Chrome-Browser nicht mehr verwenden können, wenn Microsoft Family Safety unter Windows installiert ist. Ich hatte darüber berichtet und nun hat Microsoft das Ganze offiziell in einem Support-Beitrag bestätigt … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/26/windows-family-safety-chrome-blockade-bestaetigt/