Security News

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said.

A North Korean-backed threat group tracked as Kimsuky is stealing emails from Google Chrome or Microsoft Edge users browsing their webmail accounts using a malicious browser extension. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers and can steal mail from Gmail and AOL accounts.

The Dutch Ministry of Education has decided to partially suspend the use of Chrome OS and Chrome web browser until August 2023 over concerns about data privacy. Since the national watchdog doesn't know where students' personal data is stored and processed, there are concerns about the violation of the European Union's GDPR. The Minister of Education and the Minister of Primary and Secondary Education have co-signed a letter to the Dutch parliament where they describe a range of cybersecurity and data protection matters.

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. "Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties," security researcher Jan Vojt?šek, who reported the discovery of the flaw, said in a write-up.

Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. As usual with Apple, the Safari browser patches are bundled into the updates for the latest macOS, as well as into the updates for iOS and iPad OS. But the updates for the older versions of macOS don't include Safari, so the standalone Safari update therefore applies to users of previous macOS versions, who will need to download and install two updates, not just one.

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware. In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.

For the longest time, I've been shouting to the sun and moon that no one should allow Chrome to save passwords. Figure A. If you've already saved your passwords in Chrome, fear not, you can still remove them and recover a bit of extra privacy when using that particular browser.

Google is testing a new 'Quick Intensive Throttling' feature that reduces CPU time by 10%, extending the battery life for laptops and mobile devices. In Chrome 87, Google introduced a new feature called 'Intensive Wake Up Throttling' that prevents JavaScript from waking up a tab more than once a minute after it has been suspended and hidden from view for more than 5 minutes.

Google's latest update to the Chrome browser fixes a varying number of bugs, depending on whether you're on Android, Windows or Mac, and depending on whether you're running the "Stable channel" or the "Extended stable channel". The Stable channel is the very latest version, including all new browser features, currently numbered Chrome 103.

While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year. Chrome 103 for Android and Version 103.0.5060.114 for Windows and Mac, outlined in separate blog posts published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.