Security News

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick said in a statement.

A growing number of Android Google Chrome users in Russia are reporting errors when attempting to install the latest update for the web browser. According to Russian news outlets and numerous user comments on the Play Store, the issues started on May 9th, 2022, when Google released Chrome version 101 for Android.

"This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Google said.The new Fast IDentity Online sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application.

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to Windows system admins reports [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022.

For the third time this year, Google's Chrome browser has quietly received a security update together with the dreaded words, "Google is aware that an exploit [] exists in the wild." We're not aware of any follow-up report for last month's emergency patch - it's possible, after all, that Google simply hasn't traced the second lot of attacks back to their source yet.

The Cybersecurity and Infrastructure Security Agency has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. A Chrome zero-day was also included in CISA's Known Exploited Vulnerabilities catalog, a bug tracked as CVE-2022-1364 and allowing remote code execution due to a V8 type confusion weakness.

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a security advisory released today.

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.