Security News

If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days: there is a zero-day bug being "Actively exploited" in the older version of Chrome that will also affect other vendors' browsers. Details are intentionally scant until enough of the wider world has installed the update, but the flaw exists in how Chrome handles heap overflows in V8, Chromium's Javascript engine.

The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Microsoft Edge 88 is rolling out to users in the Stable channel alongside some new privacy-focused features, including a long-awaited credentials monitor and a built-in password generator.

Anonymous and private, yet busted - we explain how darkweb sites sometimes keep your secrets and sometimes don't. We tell you the tale of a company with a cool name but allegedly with creepy habits coded into its browser extensions.

Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. This is because many of the Google APIs included in the Chromium code are specific only to Google Chrome and are not intended to be integrated and used by the users of derived Chromium products.

HTTPS, as you probably know, stands for secure HTTP, and it's a cryptographic process - a cybersecurity dance, if you like - that your browser performs with a web server when it connects, improving privacy and security by agreeing to encrypt the data that goes back and forth. Why is HTTP still the default choice of your browser if you type an URL into the address bar and don't explicitly put https:// at the start?

According to new code references found in the open-source Chromium platform, Chromium-based browsers like Vivaldi and Brave should soon be able to take advantage of Google's personalized news feed called 'Discover'. Discover is currently accessible via the Google app and Chrome for Android and iOS only, but a new code commit suggests that other Chromium-based browsers should soon be able to take advantage of Discover feed.

Download numbers from the browser store show that several million people worldwide currently may be using the extensions, researchers said. Avast Threat Intelligence discovered the malware after following up on research by Czech researcher Edvard Rejthar at CZ.NIC, who first identified the threat originating in browser extensions on his system, Avast senior writer Emma McGowan wrote in a blog post published Thursday.

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities- from collecting browser credentials to targeting Outlook files. "AridViper is an active threat group that continues developing new tools as part of their arsenal," researchers with Palo Alto's Unit42 research team said in a Monday analysis.

Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. The campaign - which impacts Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox browsers on Windows - aims to insert additional, unauthorized ads on top of legitimate ads displayed on search engine results pages, leading users to click on these ads inadvertently.

On Thursday Microsoft warned that there's an ongoing campaign to distribute malware that modifies web browsers to conduct credential theft and ad fraud. Since at least May, 2020, unidentified cybercriminals have been distributing a family of browser modifiers dubbed Adrozek, Microsoft said.