Security News

Gay hookup site typosquatted by 50 domains to push dodgy Chrome extensions
2022-09-14 18:15

Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription, which in turn would earn threat actors a commission.

CISA orders agencies to patch Chrome, D-Link flaws used in attacks
2022-09-08 19:11

CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the Photo Station QNAP software. The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.

Chrome and Edge fix zero-day security hole – update now!
2022-09-05 18:12

We'd love to be able to determine, given that the bug relates to the incorrect handling of input data, whether this bug leads to a worrying security outcome such as EoP, short for elevation of privilege, or if it can be abused for a more disastrous result such as full-blown RCE, short for remote code execution. As a result, modern browsers generally split themselves into numerous separate processes, for example so that each tab is handled in an independent process, thus preventing one runwaway tab from trivially leeching data such as cookies and access tokens from others tabs related to completely different websites.

Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps
2022-09-04 15:30

A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
2022-09-03 03:56

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier...

Google Chrome emergency update fixes new zero-day used in attacks
2022-09-02 23:29

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks.

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content
2022-09-02 05:55

A "Major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson.

Chrome patches 24 security holes, enables “Sanitizer” safety system
2022-08-31 17:48

According to Google, this new version includes 24 security fixes, though none of them are reported as "In-the-wild", which means that there weren't any zero-days patched this time. Suddenly, bug-free code elsewhere in the program behaves as if it were buggy itself, thanks to the flaw in your code that just invalidated what was in memory.

Google Chrome bug lets sites write to clipboard without asking
2022-08-31 17:13

Chrome version 104 accidentally introduced a bug that removes the user requirement to approve clipboard writing events from websites they visit. When the user tries to make a payment and copies the wallet address to the clipboard, the website can write to the clipboard the threat actor's address.

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
2022-08-31 10:45

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit of retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole said.