Tag: chrome
-
Google Patches Three High-Severity Chrome Flaws
Google has fixed three high-severity Chrome flaws that could enable remote exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-three-high-severity-chrome-flaws/
-
Google Releases Emergency Chrome Patch Addressing Three Major Security Flaws
Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system security and user data. The rapid deployment of these fixes highlights the ongoing challenges in securing widely used web browsers…
-
Chrome Zero-Day CVE-2026-2441: The CSS Trap Blog – Menlo Security
Discover why the latest Chrome zero-day (CVE-2026-2441) proves patching isn’t enough. Learn how cloud isolation secures endpoints against CSS memory exploits. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/chrome-zero-day-cve-2026-2441-the-css-trap-blog-menlo-security/
-
Google Rushes Out Critical Chrome Update to Address Serious PDFium and V8 Vulnerabilities
Google has rushed out a vital security patch for Chrome, fixing three flaws that could let attackers run malicious code on users’ devices. The Stable Channel update bumps versions to 145.0.7632.109/.110 for Windows and Mac, and 144.0.7559.109 for Linux. High-severity issues in PDFium, the engine that handles PDF files in Chrome and V8, the speedy…
-
Millionen Chrome-Erweiterungen geben Browserverlauf preis
Eine Sicherheitslücke in beliebten Chrome-Erweiterungen führt dazu, dass der Browserverlauf der Anwender offengelegt ist.Ein Sicherheitsforscher mit dem Pseudonym ‘Q Continuum” hat 287 Chrome-Erweiterungen entdeckt, die den Browserverlauf exfiltrieren. ‘Die Akteure hinter den Lecks sind vielfältig: Similarweb, Curly Doggo, Offidocs, chinesische Akteure, viele kleinere, unbekannte Datenbroker sowie ein mysteriöses Unternehmen namens “šBig Star Labs’, das offenbar…
-
Keenadu: Android malware that comes preinstalled and can’t be removed by users
Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface.The researchers warned that the…
-
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation
Tags: apt, attack, browser, chrome, control, cyber, cybersecurity, exploit, google, group, network, security-incident, vulnerability, windows, zero-dayBackground In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled sandbox escape, allowing arbitrary code execution on victims’ Windows systems and granting full control over the targeted…The…
-
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
-
Chrome >>preloading<< could be leaking your data and causing problems in Browser Guard
This article explains why Chrome’s “preloading” can cause scary-looking blocks in Malwarebytes Browser Guard. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/chrome-preloading-could-be-leaking-your-data-and-causing-problems-in-browser-guard/
-
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has released an emergency update to patch an actively exploited zero-day”, the first Chrome zero-day of the year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/
-
Malicious Chrome Extension Exposes Facebook Business Manager Accounts to 2FA and Analytics Theft
A malicious Google Chrome extension, CL Suite by @CLMasters, which masquerades as a productivity tool for Meta Business Suite while silently stealing sensitive authentication data. Although the extension markets itself as a solution to >>remove verification popups<>generate 2FA codes,<< its actual function is to exfiltrate Two-Factor Authentication (2FA) seeds, one-time codes, and detailed business […] The…
-
Was CISOs über OpenClaw wissen sollten
Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerabilityLesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
-
Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions
Researchers said they identified a network of five Chrome extensions, marketed as tools to change themes and enhance the VK user experience, that took control of infected accounts and manipulated settings without users’ consent. First seen on therecord.media Jump to article: therecord.media/500000-vkontakte-accounts-hijacked-chrome-extensions
-
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension
A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/
-
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension
A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/
-
260K+ Chrome Users Duped by Fake AI Browser Extensions
30 copycat apps tricked users, and Google itself, into thinking they’re legitimate AI tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/chrome-fake-ai-browser-extensions
-
Leaky Chrome extensions with 37M installs caught divulging your browsing history
Encrypted exfiltration made detection difficult: The researcher said in a blog post that several of these extensions attempted to hide the nature of transmitted data. Outbound payloads were frequently encrypted or encoded before transmission, preventing automated inspection.”Manual inspection of the captured traffic revealed a variety of obfuscation schemes: base64, ROT47, LZ-String compression, and full AES-256…
-
Sicherheitslücke im Browser: Attacken auf Chrome-Nutzer beobachtet
Eine gefährliche Sicherheitslücke lässt Angreifer Schadcode in Chrome einschleusen. Es reicht der Besuch einer speziell gestalteten Webseite. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-im-browser-attacken-auf-chrome-nutzer-beobachtet-2602-205443.html
-
Leaky Chrome extensions with 37M installs caught shipping your browsing history
Encrypted exfiltration made detection difficult: The researcher said in a blog post that several of these extensions attempted to hide the nature of transmitted data. Outbound payloads were frequently encrypted or encoded before transmission, preventing automated inspection.”Manual inspection of the captured traffic revealed a variety of obfuscation schemes: base64, ROT47, LZ-String compression, and full AES-256…
-
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
A high severity vulnerability in Google Chrome and allows remote attackers to execute code First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patches-new-in-wild-chrome/
-
Google fixes first actively exploited Chrome zero-day of 2026
Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first…
-
Google patches Chrome vulnerability with inwild exploit (CVE-2026-2441)
Google released a security update for Chrome to address a high-severity zero”‘day vulnerability (CVE-2026-2441) on Friday. >>Google is aware that an exploit for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/google-patches-chrome-vulnerability-with-in-the-wild-exploit-cve-2026-2441/
-
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/
-
Google Chrome Fixes Actively Exploited CVE-2026-2441 Bug
A critical security vulnerability, CVE-2026-2441, has prompted an urgent out-of-band update for Google Chrome after confirmation that the flaw is being actively exploited. The Hong Kong Computer Emergency Response Team (HKCERT) alerted users to the flaw on 16 February 2026. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-2441-google-chrome/
-
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack, Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild.The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on…
-
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel to version 145.0.7632.75/.76 for Windows and macOS users, and version 144.0.7559.75 for Linux users. This…
-
287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users
New investigation by Q Continuum reveals 287 Chrome extensions leaking the private browsing data of 37.4 million users to firms like Similarweb and Alibaba. Learn how these harmless tools turn your history into a product. First seen on hackread.com Jump to article: hackread.com/chrome-extensions-harvest-browsing-data-37m-users/
-
260K Users Exposed in AI Extension Scam
Fake AI Chrome extensions exposed 260,000 users by using remote iframes to extract data and maintain persistent access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/260k-users-exposed-in-ai-extension-scam/
-
Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign
Malicious Chrome extensions hijacked over 500K VK accounts using multi-stage payloads and stealthy persistence techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extensions-hijack-500000-vk-accounts-in-stealth-campaign/