Security News

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
2021-09-24 23:39

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "Perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document."

Emergency Google Chrome update fixes zero-day exploited in the wild
2021-09-24 17:33

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild. The update was available immediately when BleepingComputer manually checked for new updates from Chrome menu > Help > About Google Chrome.

Google: Manifest V2 Chrome extensions to stop working in 2023
2021-09-23 22:08

Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. "Years in the making, Manifest V3 is more secure, performant, and privacy-preserving than its predecessor," said David Li, Product Manager for Chrome Extensions & Chrome Web Store.

Google tests if 'Chrome/100.0' user agent breaks websites
2021-09-23 13:30

Google is testing whether changing the Chrome user agent to three-digit 'Chrome/100' will cause loss of functionality on websites that are expecting a two digit version number. A user agent is a string sent by a web browser to a website to let the site know what browser the visitor is using, its version, and integrated technology.

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
2021-09-19 01:13

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous researchers for reporting the bugs on September 8.

Pair of Google Chrome Zero-Day Bugs Actively Exploited
2021-09-14 15:03

Google has addressed two zero-day security bugs that are being actively exploited in the wild. Google is restricting any technical details "Until a majority of users are updated with a fix," it said.

New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection
2021-09-14 06:14

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place after Spectre, and Meltdown vulnerabilities came to light in January 2018, thereby potentially preventing leakage by ensuring that content from different domains is not shared in the same address space.

Google patches 10th Chrome zero-day exploited in the wild this year
2021-09-13 22:12

Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. Google Chrome will also automatically check for new updates the next time you restart the browser.

Google Awards $42,000 for Two Serious Chrome Vulnerabilities
2021-08-17 11:36

Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities. Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.

The most secure browser for transmitting sensitive data is definitely not Chrome
2021-08-06 13:27

Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.