Security News

Google has fixed the fifth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. Google TAG is known for uncovering zero-days, often exploited by state-sponsored hacking groups in spyware campaigns targeting high-profile individuals like journalists and opposition politicians.

Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative. Once third-party cookies are phased out, advertisers are expected to use Google's Privacy Sandbox APIs to show advertisements based on a user's computed interests.

You can soon right-click on any YouTube video in Microsoft Edge or Google Chrome and save the frame in the original resolution and PNG format. Following the introduction of an option to "Copy video frame" on YouTube, Google has now implemented an additional feature allowing you to "Save" video frames directly.

Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October 16th, Google has now rolled it out to all users on the Stable channel.

Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. [...]

Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome's V8 JavaScript engine and Google Cloud's Kernel-based Virtual Machine. The exploit writers should make their exploitation attempts against a V8 version running on Google infrastructure.

In a bid to upgrade user experience, the Chrome team is developing an "Organise Tabs" feature, soon to be seen at the top left corner of the browser, adjacent to the tab search function. This new feature may potentially introduce an automatic tab group creation once tabs are systematically categorised.

The US's Cybersecurity and Infrastructure Security Agency has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities Catalog.With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a "Significant risk to the federal enterprise," and agencies in the Federal Civilian Executive Branch have been set a three-week deadline of October 23 to apply the recommended fixes.

The pitfalls of neglecting security ownership at the design stageIn this Help Net Security interview, Nima Baiati, Executive Director and GM, Commercial Cybersecurity Solutions at Lenovo, discusses the disconnect between development and security teams and how companies need to prioritize security and why utilizing a multi-layered strategy is the best way to secure above and below the OS. The hidden costs of neglecting cybersecurity for small businessesIn this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. Network Flight Simulator: Open-source adversary simulation toolNetwork Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility.

Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. The zero-day exploit could leave users open to a heap buffer overflow, through which attackers could inject malicious code.