Tag: chrome
-
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-distrust-chunghwa-telecom-netlock-certificates-in-august/
-
New Silent Push Chrome tool delivers real-time cyber intel
First seen on scworld.com Jump to article: www.scworld.com/brief/new-silent-push-chrome-tool-delivers-real-time-cyber-intel
-
Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution
The Chrome team at Google has officially released Chrome 137 to the stable channel for Windows, Mac, and Linux platforms. This update, version 137.0.7151.55/56, brings a host of security improvements, bug fixes, and technical enhancements, reinforcing Chrome’s position as a leading web browser for both everyday users and enterprise environments. Security Enhancements and Technical Fixes…
-
Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials
Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email…
-
Over 40 Malicious Chrome Extensions Impersonate Popular Brands to Steal Sensitive Data
Tags: browser, chrome, cyber, cybersecurity, data, google, intelligence, malicious, phishing, tacticsCybersecurity firm LayerX has uncovered over 40 malicious Chrome browser extensions, many of which are still available on the Google Chrome Web Store. These extensions, part of three distinct phishing campaigns, were designed to impersonate well-known and trusted applications and brands. Detailed Analysis Reveals Impersonation Tactics LayerX, building off initial research by the DomainTools Intelligence…
-
Chrome-Sicherheitsupdate schließt Schwachstelle CVE-2025-4664 (14. Mai 2025)
Kleiner Nachtrag zum Google Chrome-Browser. Zum 14. Mai 2025 hat Google den Chrome-Browser auf die Versionen 136.0.7103.113/.114 aktualisiert, um die Schwachstelle CVE-2025-4664 zu schließen. Die Tage sind mir einige Informationen zu dieser Schwachstelle untergekommen, die ich nachfolgend kurz einstelle. Google … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/24/chrome-sicherheitsupdate-schliesst-schwachstelle-cve-2025-4664/
-
Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity
A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately. First seen on hackread.com Jump to article: hackread.com/chrome-0-day-cve-2025-4664-windows-linux-browser-activity/
-
Google Chrome’s Built-in Manager Lets Users Update Breached Passwords with One Click
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
-
Legitimate tools spoofed by infostealing Chrome extensions
First seen on scworld.com Jump to article: www.scworld.com/brief/legitimate-tools-spoofed-by-infostealing-chrome-extensions
-
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
-
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
-
Schwachstelle in Chrome wird derzeit aktiv ausgenutzt
Eine Anfang Mai bekannt gewordene Sicherheitslücke in Google Chrome wird derzeit aktiv ausgenutzt, wie die US-Sicherheitsbehörde CISA warnt. Nutzer sollten schnellstmöglich ein Update durchführen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/schwachstelle-in-chrome-wird-derzeit-aktiv-ausgenutzt
-
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.”The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis First seen on…
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/18/week-in-review-microsoft-patches-5-actively-exploited-0-days-recently-fixed-chrome-vulnerability-exploited/
-
Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/16/cisa-recently-fixed-chrome-vulnerability-exploited-in-the-wild-cve-2025-4664/
-
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/
-
Google fixed a Chrome vulnerability that could lead to full account takeover
Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in…
-
Google patches Chrome vulnerability used for account takeover and MFA bypass
How could this be exploited?: OAuth provides a way of giving access to something without the need for a password. It’s useful in multiple scenarios, for example, in single sign-on (SSO). Users might also encounter it when giving a contact access to a file or document in a cloud service such as Microsoft 365 without…
-
Detecting Hidemium: Fingerprinting inconsistencies in anti-detect browsers
This is the fourth article in our series on anti-detect browsers. In the previous post, we explained how to detect anti-fingerprinting scripts injected via Chrome DevTools Protocol (CDP). Here, we analyze Hidemium, a popular anti-detect browser, and describe how it can be detected. We start with a high-level overview of First seen on securityboulevard.com Jump…
-
Chrome 137 Integrates Gemini Nano AI to Combat Tech Support Scams
Google has unveiled a groundbreaking defense mechanism in Chrome 137, integrating its on-device Gemini Nano large language model (LLM) to detect and block these malicious campaigns in real time. This update marks a significant leap in combating evolving cyber threats by leveraging artificial intelligence directly within users’ browsers. Tech support scams exploit psychological manipulation, mimicking…
-
Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams
Google has integrated artificial intelligence into its cybersecurity toolkit to shield users from financial and data theft scams. On Friday, May 09, 2025, the company unveiled a comprehensive report detailing its latest AI-driven initiatives across Search, Chrome, and Android, marking a significant leap in preemptive threat detection and user protection. These advancements aim to counteract…
-
So soll euch der Google-Browser künftig vor Online-Betrug schützen
First seen on t3n.de Jump to article: t3n.de/news/google-chrome-ki-online-betrug-1686457/
-
Google Chrome to use on-device AI to detect tech support scams
Google is implementing a new Chrome security feature that uses the built-in ‘Gemini Nano’ large-language model (LLM) to detect and block tech support scams while browsing the web. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-use-on-device-ai-to-detect-tech-support-scams/
-
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4…