Tag: chrome

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Mar 3, 2026 3:47 PM

Tags: access, browser, cctv, chrome, flaw, vulnerability

Researchers found a now-patched vulnerability in “Live in Chrome” that allowed a Chrome extension to inherit Gemini’s permissions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/chrome-flaw-let-extensions-hijack-geminis-camera-mic-and-file-access/
Chrome Gemini panel became privilege escalator for rogue extensions

Mar 3, 2026 1:47 PM

Tags: access, ai, browser, chrome, flaw, malicious

High-severity flaw let malicious add-ons access system via browser’s embedded AI feature First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/google_chrome_bug_gemini/
Chrome security flaw enabled spying via Gemini Live assistant

Mar 3, 2026 11:46 AM

Tags: ai, browser, chrome, control, cve, flaw, google, malicious, network, spy, vulnerability

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks

Mar 3, 2026 8:46 AM

Tags: attack, browser, chrome, computer, computing, cyber, google, group, Internet

Google Chrome’s Secure Web and Networking Team has unveiled a new initiative aimed at defending HTTPS traffic against emerging quantum computing threats. This development, rooted in the Internet Engineering Task Force’s (IETF) >>PKI, Logs, And Tree Signatures<< (PLANTS) working group, introduces Merkle Tree Certificates (MTCs) as a quantum-safe evolution for the web ecosystem. Quantum computers…
Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely

Mar 3, 2026 6:47 AM

Tags: access, ai, browser, cctv, chrome, cve, cyber, data-breach, flaw, google, malicious, privacy, unauthorized, vulnerability

A newly discovered high-severity vulnerability in Google Chrome’s Gemini Live integration, tracked as CVE-2026-0628, exposed users to significant privacy and security risks. Researchers found that the flaw could allow malicious browser extensions to hijack the Gemini side panel, granting unauthorized access to a user’s camera, microphone, and local files. The integration of AI assistants into…
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Mar 2, 2026 6:47 PM

Tags: access, browser, chrome, cve, cybersecurity, flaw, google, malicious, vulnerability

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by…
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Mar 2, 2026 6:47 PM

Tags: browser, chrome, cryptography, google, risk

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.”To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web…
Dust Specter APT Targets Government Officials in Iraq

Mar 2, 2026 5:47 PM

Tags: access, ai, api, apt, attack, backdoor, browser, chrome, cisco, cloud, control, data, detection, encryption, google, government, group, infrastructure, iran, iraq, malicious, malware, monitoring, network, open-source, password, powershell, rat, service, social-engineering, software, threat, tool, update, windows

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Due to significant overlap in tools, techniques, and procedures (TTPs), as well as victimology, between this campaign and activity associated with Iran-nexus APT groups, ThreatLabz assesses with medium-to-high confidence that an…
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates

Mar 2, 2026 5:47 PM

Tags: browser, chrome, google

Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-quantum-safe-https/
Chrome Extension Hijacked to Push ClickFix Malware

Mar 2, 2026 4:49 PM

Tags: browser, chrome, crypto, malware

A trusted Chrome extension was hijacked to strip browser protections, deploy ClickFix malware, and steal cryptocurrency and user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-extension-hijacked-to-push-clickfix-malware/
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping

Mar 2, 2026 7:47 AM

Tags: browser, chrome, cyber, exploit, google, injection, remote-code-execution, tool

A popular Chrome add-on, “QuickLens Search Screen with Google Lens,” has quietly morphed from a legitimate productivity tool into a full”‘fledged remote code-execution platform that abuses browser trust, security headers, and silent auto”‘updates. What began as a simple Google Lens wrapper ended in a covert C2″‘driven campaign capable of injecting arbitrary scripts into any […]…
QuickLens Chrome extension steals crypto, shows ClickFix attack

Feb 28, 2026 9:37 PM

Tags: attack, browser, chrome, crypto, google, malware

A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Feb 26, 2026 5:37 PM

Tags: access, ai, browser, chrome, control, flaw, kali, linux, lockbit, software, tactics, threat

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update.Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder.Here is a quick look at the signals worth paying attention…
Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach

Feb 25, 2026 11:37 AM

Tags: browser, chrome, container, credentials, defense, framework, mfa, phishing, saas

Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and MFA-protected accounts while evading traditional detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/starkiller-phishing-framework-bypasses-defenses-with-reverse-proxies-takes-an-saas-approach/
Google Patches Three High-Severity Chrome Flaws

Feb 24, 2026 7:02 PM

Tags: browser, chrome, flaw, google

Google has fixed three high-severity Chrome flaws that could enable remote exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-three-high-severity-chrome-flaws/
Google Releases Emergency Chrome Patch Addressing Three Major Security Flaws

Feb 24, 2026 7:02 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, windows

Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system security and user data. The rapid deployment of these fixes highlights the ongoing challenges in securing widely used web browsers…
Chrome Zero-Day CVE-2026-2441: The CSS Trap Blog – Menlo Security

Feb 20, 2026 11:01 AM

Tags: browser, chrome, cloud, cve, endpoint, update, zero-day

Discover why the latest Chrome zero-day (CVE-2026-2441) proves patching isn’t enough. Learn how cloud isolation secures endpoints against CSS memory exploits. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/chrome-zero-day-cve-2026-2441-the-css-trap-blog-menlo-security/
Google Rushes Out Critical Chrome Update to Address Serious PDFium and V8 Vulnerabilities

Feb 20, 2026 9:01 AM

Tags: browser, chrome, cyber, flaw, google, malicious, update, vulnerability, windows

Google has rushed out a vital security patch for Chrome, fixing three flaws that could let attackers run malicious code on users’ devices. The Stable Channel update bumps versions to 145.0.7632.109/.110 for Windows and Mac, and 144.0.7559.109 for Linux. High-severity issues in PDFium, the engine that handles PDF files in Chrome and V8, the speedy…
Millionen Chrome-Erweiterungen geben Browserverlauf preis

Feb 18, 2026 5:58 PM

Tags: ai, browser, bug, chrome, cloud, container, docker, encryption, google, privacy, tool, vpn

Eine Sicherheitslücke in beliebten Chrome-Erweiterungen führt dazu, dass der Browserverlauf der Anwender offengelegt ist.Ein Sicherheitsforscher mit dem Pseudonym ‘Q Continuum” hat 287 Chrome-Erweiterungen entdeckt, die den Browserverlauf exfiltrieren. ‘Die Akteure hinter den Lecks sind vielfältig: Similarweb, Curly Doggo, Offidocs, chinesische Akteure, viele kleinere, unbekannte Datenbroker sowie ein mysteriöses Unternehmen namens “šBig Star Labs’, das offenbar…
Keenadu: Android malware that comes preinstalled and can’t be removed by users

Feb 18, 2026 1:58 PM

Tags: access, ai, android, backdoor, banking, browser, cctv, chrome, control, credentials, data, endpoint, firmware, governance, identity, infection, kaspersky, malware, mitigation, mobile, network, risk, software, update

Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface.The researchers warned that the…
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation

Feb 18, 2026 11:58 AM

Tags: apt, attack, browser, chrome, control, cyber, cybersecurity, exploit, google, group, network, security-incident, vulnerability, windows, zero-day

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled sandbox escape, allowing arbitrary code execution on victims’ Windows systems and granting full control over the targeted…The…
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Feb 18, 2026 8:58 AM

Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
Chrome >>preloading<< could be leaking your data and causing problems in Browser Guard

Feb 17, 2026 8:58 PM

Tags: browser, chrome, data

This article explains why Chrome’s “preloading” can cause scary-looking blocks in Malwarebytes Browser Guard. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/chrome-preloading-could-be-leaking-your-data-and-causing-problems-in-browser-guard/
Update Chrome now: Zero-day bug allows code execution via malicious webpages

Feb 17, 2026 2:58 PM

Tags: browser, chrome, exploit, google, malicious, update, zero-day

Google has released an emergency update to patch an actively exploited zero-day”, the first Chrome zero-day of the year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/
Malicious Chrome Extension Exposes Facebook Business Manager Accounts to 2FA and Analytics Theft

Feb 17, 2026 8:58 AM

Tags: 2fa, authentication, browser, business, chrome, cyber, google, malicious, mfa, theft, tool

A malicious Google Chrome extension, CL Suite by @CLMasters, which masquerades as a productivity tool for Meta Business Suite while silently stealing sensitive authentication data. Although the extension markets itself as a solution to >>remove verification popups<>generate 2FA codes,<< its actual function is to exfiltrate Two-Factor Authentication (2FA) seeds, one-time codes, and detailed business […] The…
Was CISOs über OpenClaw wissen sollten

Feb 16, 2026 9:58 PM

Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerability

Lesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions

Feb 16, 2026 7:58 PM

Tags: browser, chrome, control, malicious, network, tool

Researchers said they identified a network of five Chrome extensions, marketed as tools to change themes and enhance the VK user experience, that took control of infected accounts and manipulated settings without users’ consent. First seen on therecord.media Jump to article: therecord.media/500000-vkontakte-accounts-hijacked-chrome-extensions
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension

Feb 16, 2026 3:58 PM

Tags: 2fa, browser, business, chrome, data-breach

A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension

Feb 16, 2026 3:58 PM

Tags: 2fa, browser, business, chrome, data-breach

A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/
260K+ Chrome Users Duped by Fake AI Browser Extensions

Feb 16, 2026 3:58 PM

Tags: ai, browser, chrome, google

30 copycat apps tricked users, and Google itself, into thinking they’re legitimate AI tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/chrome-fake-ai-browser-extensions