Security News

Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.

Security provider McAfee is looking to a new acquisition as a way to better combat browser-based malware. On Tuesday, the company announced its intention to purchase Light Point Security, which makes a browser isolation product.

With the new Chromium version of Microsoft Edge comes new settings that allow you to better control your privacy and security. Microsoft released the new version of Edge on January 15, 2020, for Windows 10, Windows 8/8.1, and Windows 7, so you should already have it by now; if not, browse to Microsoft's website to download the new Microsoft Edge based on Chromium.

The patched version of Mozilla's browser, launched on Tuesday, is Firefox 73 and Firefox ESR 68.5. One of the vulnerabilities, tracked as CVE-2020-6800, was fixed in a previous release of Firefox 72 and the current Firefox ESR 68.5 update on Tuesday.

UPDATE. Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. In this case, Google said that after becoming aware of a widespread pattern of pernicious behavior on the part of a large number of Chrome extensions, it has disabled extensions that contain a monetary component - those that are paid for, offer in-browser transactions and those that offer subscription services.

Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection, a privacy scheme developed by Apple's WebKit team for the company's Safari browser. Schuh expressed skepticism that Apple will be able to salvage ITP. "They attempt to mitigate tracking by adding state mechanisms, but adding state often introduces worse privacy/security issues," he wrote.

Consumers should care more about browser security, which is why the primary browser providers keep focusing on privacy improvements. Despite all the improvements to the various browser options in terms of performance and privacy, people tend to stick with what they have, seemingly forever.

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer browser that attackers are actively exploiting in the wild - and there is no patch yet available for it. A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.

The fairly new malware, which has been dubbed Oski Stealer, is being advertised on underground cyber-forums, including several Russian forums, security researcher Aditya K Sood explained in a report shared with SecurityWeek. Oski Stealer is being distributed via drive-by downloads, phishing attacks, and other standard infection methods, and acts as a native piece of software that can be installed on various systems.

Just two days after releasing Firefox 72, Mozilla has issued an update to patch a critical zero-day flaw. Some Linux distros and many businesses stick to Firefox's Extended Support Release because it gets security fixes at the same pace as the regular version, but doesn't force you to take on new features at every update.