Security News

A North Korean-backed threat group tracked as Kimsuky is stealing emails from Google Chrome or Microsoft Edge users browsing their webmail accounts using a malicious browser extension. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers and can steal mail from Gmail and AOL accounts.

The Dutch Ministry of Education has decided to partially suspend the use of Chrome OS and Chrome web browser until August 2023 over concerns about data privacy. Since the national watchdog doesn't know where students' personal data is stored and processed, there are concerns about the violation of the European Union's GDPR. The Minister of Education and the Minister of Primary and Secondary Education have co-signed a letter to the Dutch parliament where they describe a range of cybersecurity and data protection matters.

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. "Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties," security researcher Jan Vojt?šek, who reported the discovery of the flaw, said in a write-up.

Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. As usual with Apple, the Safari browser patches are bundled into the updates for the latest macOS, as well as into the updates for iOS and iPad OS. But the updates for the older versions of macOS don't include Safari, so the standalone Safari update therefore applies to users of previous macOS versions, who will need to download and install two updates, not just one.

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware. In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.

Google is testing a new 'Quick Intensive Throttling' feature that reduces CPU time by 10%, extending the battery life for laptops and mobile devices. In Chrome 87, Google introduced a new feature called 'Intensive Wake Up Throttling' that prevents JavaScript from waking up a tab more than once a minute after it has been suspended and hidden from view for more than 5 minutes.

Google's latest update to the Chrome browser fixes a varying number of bugs, depending on whether you're on Android, Windows or Mac, and depending on whether you're running the "Stable channel" or the "Extended stable channel". The Stable channel is the very latest version, including all new browser features, currently numbered Chrome 103.

While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year. Chrome 103 for Android and Version 103.0.5060.114 for Windows and Mac, outlined in separate blog posts published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

Google has issued an unexpected update to its Chrome browser to address a zero-day WebRTC flaw that is actively being exploited. The fix is installing Chrome 103.0.5060.114 for Windows and Chrome 103.0.5060.71 for Android, both of which will appear soon.