Tag: chrome
-
Dringend patchen: Gefährliche Zero-Day-Lücke in Chrome für Spionage ausgenutzt
Angreifer können aus der Chrome-Sandbox ausbrechen und Code auf dem Windows-System des Nutzers ausführen. Es reicht der Besuch einer bösartigen Webseite. First seen on golem.de Jump to article: www.golem.de/news/dringend-patchen-gefaehrliche-zero-day-luecke-in-chrome-fuer-spionage-ausgenutzt-2503-194682.html
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Google Chrome Zero-Day Vulnerability Actively Exploited in the Wild
Google has released an urgent update for its Chrome browser to patch a zero-day vulnerability known as CVE-2025-2783. This vulnerability has been actively exploited in targeted attacks, utilizing sophisticated malware to bypass Chrome’s sandbox protections. The update, version 134.0.6998.177 for Windows, addresses this critical issue and is set to roll out over the coming days.…
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
Tags: attack, browser, chrome, cve, exploit, google, kaspersky, remote-code-execution, vulnerability, zero-dayThe vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
-
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
-
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log passwords, and collect credentials for cryptocurrency wallets. It often disguises itself as a Google Drive…
-
Advanced Malware Targets Cryptocurrency Wallets
More attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers. The malware targets many widely used cryptocurrency wallet browser extensions: 1. Bitget Wallet (Formerly BitKeep) 2. Trust Wallet 3. TronLink…
-
New phishing campaign uses scareware to steal Apple credentials
The campaign previously targeted Windows users: According to LayerX researchers, the campaign has been seen targeting Mac users only in the last few months. Initially, it targeted Windows users by masquerading as Microsoft security alerts.Designed to steal user credentials, threat actors have apparently shifted focus to Mac users owing to new security features being rolled…
-
Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code
Google has recently rolled out a critical security update for its Chrome browser, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code. This update is part of a broader effort to ensure user safety in an increasingly threat-ridden digital landscape. The latest version, 134.0.6998.117/.118, is being rolled out across Windows, Mac, and Linux…
-
In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw
Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw. The post In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-critical-chrome-bug-capital-one-hacker-resententencing-story-of-expat-flaw/
-
Google warnt: Kritische Sicherheitslücke in Chrome gefährdet Nutzer
Viele Details nennt Google zu der Chrome-Lücke nicht, eine Schadcodeausführung ist aber nicht auszuschließen. Angriffe gelingen aus der Ferne. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-kritische-sicherheitsluecke-in-chrome-gefaehrdet-nutzer-2503-194497.html
-
How to detect Headless Chrome bots instrumented with Playwright?
Headless Chrome bots powered by Playwright have become a go-to tool for bot developers due to their flexibility and efficiency. Playwright’s cross-browser capabilities, coupled with an API similar to Puppeteer and the lightweight nature of Headless Chrome, make it a powerful choice for tasks like web scraping, credential First seen on securityboulevard.com Jump to article:…
-
Microsoft identifies new RAT targeting cryptocurrency wallets and more
A previously unreported remote access trojan that Microsoft researchers dubbed StilachiRAT is designed to steal a wide range of data, including information about cryptocurrency wallet extensions for Google’s Chrome browser. First seen on therecord.media Jump to article: therecord.media/stilachirat-new-remote-access-trojan-crypto-wallets
-
Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers
A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-researcher-llm/
-
StilachiRAT Exploits Chrome for Crypto Wallets and Credentials
StilachiRAT: Sophisticated malware targets crypto wallets credentials. Undetected, it maps systems steals data. Microsoft advises strong security measures. First seen on hackread.com Jump to article: hackread.com/stilachirat-exploits-chrome-crypto-wallets-credentials/
-
How to detect Headless Chrome bots instrumented with Puppeteer?
Headless Chrome bots powered by Puppeteer are a popular choice among bot developers. The Puppeteer API’s ease of use, combined with the lightweight nature of Headless Chrome, makes it a preferred tool over its full-browser counterpart. It is commonly used for web scraping, credential stuffing attacks, and the First seen on securityboulevard.com Jump to article:…
-
Latest Chrome Update Addresses Multiple High-Risk Security Issues
Google has released a critical update for its Chrome browser, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for Windows and Mac on the Extended Stable channel. This update includes several high-priority security fixes to safeguard users against potential threats. The rollout will occur over the coming days and…
-
Cloudflare’s bot bouncer blocks weirdo browsers
Not on Firefox or a Chrome derivative? You shall not pass First seen on theregister.com Jump to article: www.theregister.com/2025/03/04/cloudflare_blocking_niche_browsers/
-
Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities
Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chrome-134-firefox-136-patch-high-severity-vulnerabilities/
-
Chrome 134 Launches with Patches for 14 Crash-Inducing Vulnerabilities
Google has rolled out Chrome 134 to the stable channel for Windows, macOS, and Linux, addressing14 security vulnerabilities”, including high-severity flaws that could enable remote code execution or crashes. The update, version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for macOS, follows weeks of testing and includes critical fixes for vulnerabilities in components like…
-
Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers
The problem started with Manifest V3, Chrome’s new extension specification, which is supposed to improve privacy. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/chrome-extension-firefox-ublock-origin/
-
Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers
Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/firefox-continues-manifest-v2-support-as-chrome-disables-mv2-ad-blockers/
-
Widespread Chrome Malware: 16 Extensions Infect Over 3.2 Million Users
A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have compromised at least 3.2 million users. These extensions, which include functionalities like screen capture, ad blocking, and emoji keyboards, were found to inject code into browsers, facilitating advertising and search engine optimization fraud. The threat actor behind this campaign is…
-
Google Chrome disables uBlock Origin for some in Manifest v3 rollout
Google continues its rollout of gradually disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-chrome-disables-ublock-origin-for-some-in-manifest-v3-rollout/
-
Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign
A new variant of the Snake Keylogger, also known as 404 Keylogger, has been detected targeting users of popular web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox. FortiGuard Labs identified this threat using FortiSandbox v5.0 (FSAv5), a cutting-edge malware detection platform powered by advanced artificial intelligence (AI) and machine learning. This malicious…
-
Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates. The post Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chrome-133-firefox-135-updates-patch-high-severity-vulnerabilities/
-
Chrome Buffer Overflow Flaws Let Hackers Execute Arbitrary Code Gain System Access
Google has rolled out an urgent security update for its Chrome browser, patching three vulnerabilities”, including two critical heap buffer overflow flaws”, that could enable attackers to execute arbitrary code and seize control of affected systems. The update (version 133.0.6943.126/.127 for Windows/Mac and 133.0.6943.126 for Linux) follows the discovery of exploits in Chrome’s V8 JavaScript…
-
Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension
SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using the .NET framework. This malware is notorious for its advanced obfuscation techniques, making it challenging to analyze and detect. Recently, cybersecurity researchers uncovered a new campaign where sectopRAT disguises itself as a legitimate Google Chrome extension named >>Google Docs,