Tag: chrome
-
Is Google Password Manager Safe to Use in 2025?
Google Password Manager is a free password management service built into Chrome and Google apps. Learn how it works and how secure it is in this detailed review. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/is-google-password-manager-safe/
-
Multiple Chrome Flaws Enable Remote Code Execution by Attackers
Google Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for users. The official changelog provides a detailed breakdown of all modifications and enhancements included in…
-
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites.”Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan First seen on thehackernews.com Jump to…
-
New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: >Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate…
-
âš¡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways”, through delays, odd behavior, or subtle gaps in control.This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look…
-
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Extension code uses hardcoded credentials: Guo added that hardcoded credentials, such as API keys, secrets, and tokens, are exposed within popular extensions’ JavaScript, making them accessible to anyone who inspects the extension’s source code. For instance, Avast Online Security and Privacy and AVG Online Security extensions, aimed at browsing privacy and security, both contain hardcoded Google…
-
Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/08/week-in-review-google-fixes-exploited-chrome-zero-day-patch-tuesday-forecast/
-
Popular Chrome Extensions Found Leaking Data via Unencrypted Connections
Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users. First seen on hackread.com Jump to article: hackread.com/popular-chrome-extensions-data-leak-unencrypted-connection/
-
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers
Tags: browser, chrome, credentials, cyber, cybersecurity, data, google, login, malware, microsoft, programming, rust, threatA newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of Chromium-based browsers such as Google Chrome, Microsoft Edge, and others. Dubbed >>RustStealer
-
Chrome Extensions Flaw Exposes Sensitive API Keys, Secrets and Tokens
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys, secrets, and tokens directly within their source code. This alarming oversight in modern development practices has left digital doors wide open for cyber attackers to exploit, potentially leading to data…
-
Chrome und Edge Notfall-Updates und Ärger in Chrome/Edge 137
Kurzer Nachtrag aus den letzten Tagen. Sowohl Google musste dem Chrome-Browser als auch Microsoft dem auf Chromium basierenden Edge-Browser ein dringendes Sicherheitsupdate spendieren. Hintergrund sind Sicherheitslücken, die wohl in freier Wildbahn von Bedrohungsakteuren ausgenutzt wurden. Zudem habe ich zwei Lesermeldungen … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/06/chrome-und-edge-notfall-updates-und-edge-aerger/
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Google to drop trust of Chunghwa and NetLock certificates from Chrome
First seen on scworld.com Jump to article: www.scworld.com/news/google-to-drop-trust-of-chunghwa-and-netlock-certificates-from-chrome
-
Two certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
2 certificate authorities booted from the good graces of Chrome
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/chrome-boots-2-certificate-authorities-citing-a-lack-of-trust-and-confidence/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/google-fixes-chrome-zero-day-with-in-the-wild-exploit-cve-2025-5419/
-
New Malware Attack Uses Malicious Chrome Edge Extensions to Steal Sensitive Data
Cybersecurity experts from Positive Technologies’ Security Expert Center have uncovered a sophisticated malicious campaign dubbed >>Phantom Enigma,
-
Emergency Chrome Update to Fix Actively Exploited CVE-2025-5419
In an unusual out-of-band release, Google has issued an urgent update to its Chrome browser to patch three security vulnerabilities, including one that is currently being exploited in real-world attacks. Critical Vulnerability in Chrome’s V8 Engine The most serious of… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/update-chrome-cve-2025-5419/
-
Google patches third zero-day flaw in Chrome this year
Vulnerability in the JavaScript engine: The Chrome team described the vulnerability as an out of bounds memory read and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is used in other projects as well, including the Node.js runtime. Because the engine is designed to interpret and execute JavaScript and…
-
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild
TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/google_chrome_zero_day_emergency_fix/
-
Chrome Drops Trust for Chunghwa, Netlock Certificates
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/chrome-drop-trust-chunghwa-netlock-certificates
-
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/
-
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
-
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.”The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will…
-
Notfallupdate: Aktiv ausgenutzte Chrome-Lücke gefährdet Nutzer
Wer Google Chrome verwendet, sollte den Browser dringend aktualisieren. Mehrere gefährliche Schwachstellen wurden gepatcht. Eine davon wird bereits aktiv ausgenutzt. First seen on golem.de Jump to article: www.golem.de/news/notfallupdate-aktiv-ausgenutzte-chrome-luecke-gefaehrdet-nutzer-2506-196771.html
-
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.”Out of bounds…