Security News

Screencastify is one example of a browser extension that provides a popular feature that wouldn't be possible via a website alone, namely capturing some or all of your screen so you can share it with other users. Security researcher Wladimir Palant, himself an extension developer, decided to look into Screencastify, given its popularity.

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group. Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. Screencastify is a screen recorder, video editor, and media sharing browser extension with over 10,000,000 installs on the Chrome web store.

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick said in a statement.

A growing number of Android Google Chrome users in Russia are reporting errors when attempting to install the latest update for the web browser. According to Russian news outlets and numerous user comments on the Play Store, the issues started on May 9th, 2022, when Google released Chrome version 101 for Android.

"This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Google said.The new Fast IDentity Online sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application.

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to Windows system admins reports [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022.

For the third time this year, Google's Chrome browser has quietly received a security update together with the dreaded words, "Google is aware that an exploit [] exists in the wild." We're not aware of any follow-up report for last month's emergency patch - it's possible, after all, that Google simply hasn't traced the second lot of attacks back to their source yet.

The Cybersecurity and Infrastructure Security Agency has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. A Chrome zero-day was also included in CISA's Known Exploited Vulnerabilities catalog, a bug tracked as CVE-2022-1364 and allowing remote code execution due to a V8 type confusion weakness.