Security News

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year -.

Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year. This update was immediately available when BleepingComputer checked for new updates via the Chrome menu > Help > About Google Chrome.

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said.

Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user's interests from third-party cookies to the Chrome browser. While Google states that the Privacy Sandbox is designed to increase privacy by letting your web browser compute your interests locally rather than through cookies, Apple, Mozilla, and the WC3 TAG have cited numerous issues with the proposal.

Google announced today that it is deprecating the standard Google Chrome Safe Browsing feature and moving everyone to its Enhanced Safe Browsing feature in the coming weeks, bringing real-time phishing protection to all users while browsing the web. Since 2007, Google Chrome has utilized a Safe Browsing security feature that protects users from malicious websites that push malware or display phishing pages.

The Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to the victim's browser functions, allowing it to steal data using WebSockets. A new feature that stands out is Chaes' use of the Chrome DevTools Protocol to steal data from the web browser, including the real-time modification of web pages, execution of JavaScript code, debugging, network request management, memory management, cookie and cache management, and more.

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation.

Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store. Starting in Chrome 117, which is due to be released in September 2023, the browser will highlight if an extension they use has been unpublished by the developer, has been taken down for violating Chrome Web Store policy, or has been labeled as malware.

Google is testing a new feature in the Chrome browser that will warn users when an installed extension has been removed from the Chrome Web Store, usually indicative of it being malware. The problem is that these extensions are churned out quickly, with the developers releasing new ones just as Google removes old ones from the Chrome Web Store.

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware.