Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the … [Read more...] about Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
chrome
Google to Add Passwordless Authentication Support to Android and Chrome
Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password," Google … [Read more...] about Google to Add Passwordless Authentication Support to Android and Chrome
Update Google Chrome to version 100
Google has fixed 28 vulnerabilities by releasing update 100.0.4896.60 for its Chrome browser. At least 9 of them have a high severity rating — adding to CVE-2022-1096, another high severity vulnerability which Google patched with a separate update just a few days ago. So in total, the Chrome developers have released patches for 10 high severity vulnerabilities in less than a … [Read more...] about Update Google Chrome to version 100
Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C … [Read more...] about Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons
Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages
A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva. The findings come following the discovery of rogue domains distributing an ad injection script in late August 2021 that the researchers … [Read more...] about Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages
Three dangerous vulnerabilities in Google Chrome
Google has released an emergency update for the Chrome browser that addresses three vulnerabilities: CVE-2021-37974, CVE-2021-37975, and CVE-2021-37976. Google experts consider one of the vulnerabilities as critical and the other two as highly dangerous. What’s worse: according to Google cybercriminals have already exploited two of these three vulnerabilities. Therefore, Google … [Read more...] about Three dangerous vulnerabilities in Google Chrome
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new … [Read more...] about Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant … [Read more...] about Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers … [Read more...] about Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
Google Chrome update patches CVE-2021-21193 vulnerability
Google Chrome urgently requires an update to patch a severe vulnerability. You may be tired of updating Chrome (the latest urgent update was just last month), but it’s that time again, and with good reason: Cybercriminals have already exploited this vulnerability. What is CVE-2021-21193? On March 12, Google released stable build 89.0.4389.90 for Chrome, patching five … [Read more...] about Google Chrome update patches CVE-2021-21193 vulnerability