Tag: chrome

Chrome Zero-Day Type Confusion Flaw Actively Exploited in the Wild

Nov 18, 2025 9:49 AM

Tags: attack, browser, chrome, cyber, exploit, flaw, google, risk, threat, update, vulnerability, zero-day

Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to millions of Chrome users worldwide.”‹ Critical Zero-Day Under Active Attack The vulnerability was discovered by ClÃ©ment Lecigne of…
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Nov 18, 2025 6:49 AM

Tags: browser, chrome, cve, exploit, flaw, google, update, vulnerability, zero-day

Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or…
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Nov 18, 2025 6:49 AM

Tags: browser, chrome, cve, exploit, flaw, google, update, vulnerability, zero-day

Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or…
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Nov 17, 2025 1:49 PM

Tags: access, browser, china, chrome, google, microsoft, rat, threat, tool

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT.The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic…
Chrome extension “Safery” steals Ethereum wallet seed phrases

Nov 13, 2025 8:50 PM

Tags: browser, chrome, crypto, malicious, threat

Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web…
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework

Nov 13, 2025 5:49 PM

Tags: access, android, attack, browser, chrome, computer, conference, data-breach, exploit, framework, google, Internet, mobile, network, side-channel, threat

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework

Nov 13, 2025 5:49 PM

Tags: access, android, attack, browser, chrome, computer, conference, data-breach, exploit, framework, google, Internet, mobile, network, side-channel, threat

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

Nov 13, 2025 2:49 PM

Tags: blockchain, browser, chrome, crypto, cybersecurity, malicious, threat

Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web…
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet

Nov 13, 2025 10:49 AM

Tags: attack, blockchain, browser, chrome, control, crypto, cyber, malicious, supply-chain, threat

Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called >>Safery: Ethereum Wallet,
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution

Nov 7, 2025 6:19 AM

Tags: apple, browser, chrome, cyber, flaw, marketplace, rce, remote-code-execution, vulnerability

Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Google Issues Emergency Chrome Update to Fix Critical RCE Flaw

Nov 6, 2025 7:19 AM

Tags: browser, chrome, cyber, flaw, google, rce, remote-code-execution, update

Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on…
Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?

Nov 4, 2025 9:20 PM

Tags: browser, chrome, data, google

Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as… First seen on hackread.com Jump to article: hackread.com/google-chrome-autofill-passports-licenses-safe/
Chrome Expands Autofill to Passports, Licenses, and Vehicle Details

Nov 4, 2025 4:19 PM

Tags: browser, chrome, google, update

Google updates Chrome’s enhanced autofill to handle passports, driver’s licenses, and vehicle IDs like VINs, with opt-in confirmation and encryption. The post Chrome Expands Autofill to Passports, Licenses, and Vehicle Details appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-autofill-passports/
Chrome Expands Autofill to Passports, Licenses, and Vehicle Details

Nov 4, 2025 4:19 PM

Tags: browser, chrome, google, update

Google updates Chrome’s enhanced autofill to handle passports, driver’s licenses, and vehicle IDs like VINs, with opt-in confirmation and encryption. The post Chrome Expands Autofill to Passports, Licenses, and Vehicle Details appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-autofill-passports/
New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

Nov 3, 2025 7:20 PM

Tags: attack, browser, chrome, hacking, kaspersky, spyware, tool, vulnerability, zero-day

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm. First seen on hackread.com Jump to article: hackread.com/dante-spyware-hacking-team-memento-labs/
Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

Nov 3, 2025 5:20 PM

Tags: browser, chrome, flaw, google, vulnerability

Google released Chrome 142, fixing 20 flaws, including two high-severity V8 bugs, and awarded $100,000 in bug bounties. Google addressed 20 flaws in Chrome version 142, including high-severity bugs that impact the V8 engine. The IT giant awarded $100,000 in bounties for two issues in the V8 JavaScript engine. The two vulnerabilities are tracked as…
Chrome 142.0.7444.59 / 60 schließt Schwachstellen; Chromium 143.0.7483.0 mit schwerem Bug

Oct 30, 2025 11:19 PM

Tags: browser, chrome, google, vulnerability

Zum 28. Oktober 2025 hat Google den Chrome-Browser auf die Versionen 142.0.7444.59 / 60 aktualisiert, um gleich mehrere Schwachstellen zu schließen. Im Chromium-Zweig 143.0.7483.0 gibt es aber einen schweren Bug, der den Browser abstürzen lässt. Ich ziehe mal einige Informationen zu … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/30/chrome-142-0-7444-59-60-schliesst-schwachstellen-chromium-143-0-7483-0-mit-schwerem-bug/
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher

Oct 30, 2025 4:19 PM

Tags: ai, authentication, browser, bug, business, ceo, chatgpt, chrome, ciso, cloud, cyberattack, exploit, macOS, malware, openai, phishing, saas, soc, vulnerability

Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, automation, browser, business, chrome, cio, defense, detection, exploit, flaw, fraud, github, google, microsoft, monitoring, risk, vulnerability, windows, zero-day

Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher

Oct 30, 2025 4:19 PM

Tags: ai, authentication, browser, bug, business, ceo, chatgpt, chrome, ciso, cloud, cyberattack, exploit, macOS, malware, openai, phishing, saas, soc, vulnerability

Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence

Oct 30, 2025 4:19 PM

Tags: access, ai, attack, automation, browser, business, chrome, cio, defense, detection, exploit, flaw, fraud, github, google, microsoft, monitoring, risk, vulnerability, windows, zero-day

Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds

Oct 30, 2025 4:19 PM

Tags: attack, browser, chrome, cyber, exploit, flaw, malicious, service, vulnerability

Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, calledBrash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other Chromium browsers within 15 to 60 seconds through a simple code injection. The attack exploits…