Tag: chrome
-
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretely-scans-for-6-000-plus-chrome-extensions-collects-data/
-
Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
A fake Chrome browser extension called ‘ChatGPT Ad Blocker’ was harvesting conversations of ChatGPT users in the name of offering an ad-free experience. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-ad-blocker-chrome-extension-spy-users/
-
Malicious Chrome Extension >>ChatGPT Ad Blocker<< Targets Users, Steals Conversations
Security researchers have uncovered a malicious Google Chrome extension named >>ChatGPT Ad Blocker<>ChatGPT Ad Blocker<< Targets Users, Steals Conversations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/malicious-chrome-extension-targets-chatgpt-users/
-
Patch Now: Chrome Flaw Under Active Attack, Google Confirms
Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and full device compromise. The post Patch Now: Chrome Flaw Under Active Attack, Google Confirms appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-zero-day-cve-2026-5281-active-exploit/
-
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption…. First seen on hackread.com Jump to article: hackread.com/storm-infostealer-sold-as-service-browsers-wallets/
-
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
Tags: browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, hacker, infrastructure, kev, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability affecting Google Chrome and other Chromium-based web browsers. Officially tracked as CVE-2026-5281, this security flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog because hackers are actively exploiting it in real-world attacks. The vulnerability originates…
-
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation, Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.”Use-after-free in Dawn in Google Chrome prior…
-
Google Warns of New Chrome Zero-Day Under Active Exploitation Users Urged to Update Immediately
Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version 146.0.7680.177/.178 for Windows and Mac, or 146.0.7680.177 for Linux . Active Zero-Day Threat The most…
-
Google Chrome Update Fixes 21 Flaws, Warns of Actively Exploited Vulnerability
Google has released a Stable Channel Update for Chrome, addressing 21 security vulnerabilities, including a high-profile code smuggling vulnerability that is actively being exploited in the wild. The update rolled out on Wednesday night. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chrome-stable-channel-update-security/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/google-chrome-zero-day-cve-2026-5281/
-
Google fixes fourth Chrome zero-day exploited in attacks in 2026
Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-fourth-chrome-zero-day-exploited-in-attacks-in-2026/
-
Schadcode per Klick: Attackierte Chrome-Lücke gefährdet Millionen von Nutzern
In Google Chrome klafft eine Sicherheitslücke, mit der sich per Webseitenaufruf Schadcode einschleusen lässt. Angreifer nutzen das bereits aus. First seen on golem.de Jump to article: www.golem.de/news/schadcode-per-klick-attackierte-chrome-luecke-gefaehrdet-millionen-von-nutzern-2604-207143.html
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90
Tags: attack, browser, chrome, cyber, docker, government, international, iran, malware, software, supply-chainSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape New Malware Targets Users of Cobra DocGuard Software Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets Trivy Supply Chain Attack Expands to Compromised Docker Images VoidStealer: Debugging Chrome to Steal…
-
Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users: What You Need to Know
Google patches eight high-severity Chrome vulnerabilities affecting 3.5 billion users. Here’s why you should update and relaunch your browser now. The post Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users: What You Need to Know appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-update-8-vulnerabilities-3-5-billion-users/
-
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with…
-
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with…
-
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs.”It logs keystrokes, dumps cookies and session tokens, captures screenshots, and First seen…
-
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/experts-prompt-poaching-browser/
-
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/experts-prompt-poaching-browser/
-
Chrome Security Update Fixes 8 Vulnerabilities That Could Enable Remote Code Execution
Google has released a crucial security update for its Chrome browser, addressing eight high-severity vulnerabilities. Users are strongly advised to update their browsers immediately to protect their systems from potential remote code execution attacks. The stable channel update rolls out versions 146.0.7680.164 and 146.0.7680.165 for Windows and Mac users, while Linux users will receive version…
-
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Malware with many tricks: VoidStealer is part of a broader shift in how infostealers are evolving post-ABE. The malware already supports multiple bypass techniques, falling back to older injection-based methods if needed, but clearly prioritizing stealth where possible.Krejsa also warned of its development pace. Since first appearing in December 2025, the malware has evolved quickly…
-
VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation
A new variant of the MaaS infostealer VoidStealer has become the first malware observed in the wild to weaponize a debugger”‘based bypass for Google Chrome’s Application”‘Bound Encryption (ABE), using hardware breakpoints to steal Chrome’s v20_master_key directly from browser memory. Unlike previous ABE bypasses, this method requires neither SYSTEM”‘level privilege escalation nor code injection into the…
-
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/
-
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution
Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. This substantial patch cycle is actively rolling out…
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
Crypto Scam ShieldGuard Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crypto-scam-shieldguard-dismantled/
-
CISA Alerts Users to Exploited Chrome 0-Day Flaws
Tags: browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, malicious, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicious actors. As a result, CISA has added both security issues to its Known Exploited Vulnerabilities (KEV) catalog,…
-
âš¡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling.This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a…
-
Aktiv ausgenutzte Sicherheitslücken entdeckt: Dieses Update für Google Chrome musst du jetzt installieren
First seen on t3n.de Jump to article: t3n.de/news/google-chrome-aktiv-ausgenutzte-sicherheitsluecke-update-1733831/