Security News

Google announced today that the lock icon, long thought to be a sign of website security and trustworthiness, will soon be changed with a new icon that doesn't imply that a site is secure or should be trusted.While first introduced to show that a website was using HTTPS encryption to encrypt connections, the lock symbol is no longer needed given that more than 99% of all web pages are now loaded in Google Chrome over HTTPS. These also include websites used as landing pages in phishing attacks or other malicious purposes, designed to take advantage of the lock icon to trick the targets into thinking they're safe from attacks.

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar to what one would expect.

Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment. The tool is available through the Chrome Browser Cloud Management console and provides admins with valuable insights into potential security threats.

If you're a Google Chrome or Microsoft Edge browser fan, you're probably getting updates automatically and you're probably up to date already. Just in case you've missed any updates recently, we suggest you go and check right now, because the Chromium browser core, on which both Edge and Chrome are based, has patched not one but two zero-day remote code execution bugs recently.

Six years after a jury decided otherwise, Google has convinced an appeals court to reverse a $20 million judgment against the web giant after Chrome infringed some patents. A US Court of Appeals decision [PDF], handed down Tuesday, not only reversed a 2017 ruling that found Google Chrome had ripped off four anti-malware patents, but also that three of the patents were invalid because they contained details that weren't included in the original patent.

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library.

Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. The stable release is available only for Windows and Mac users, with the Linux version to roll out "Soon," Google says.

In brief Google on Friday released an emergency update for Chrome to address a zero-day security flaw.This fix would be the first zero-day in Chrome squashed by Google this year.

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine.

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. This update was immediately available when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.