Security News

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to Windows system admins reports [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022.

For the third time this year, Google's Chrome browser has quietly received a security update together with the dreaded words, "Google is aware that an exploit [] exists in the wild." We're not aware of any follow-up report for last month's emergency patch - it's possible, after all, that Google simply hasn't traced the second lot of attacks back to their source yet.

The Cybersecurity and Infrastructure Security Agency has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. A Chrome zero-day was also included in CISA's Known Exploited Vulnerabilities catalog, a bug tracked as CVE-2022-1364 and allowing remote code execution due to a V8 type confusion weakness.

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a security advisory released today.

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.

Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that's being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers.

Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States. On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

Google has released Chrome 100 today, March 29th, 2022, to the Stable desktop channel, and it includes a new logo, security improvements, development features, and more. Today, Google promoted Chrome 100 to the Stable channel, Chrome 101 as the new Beta version, and Chrome 102 will be the Canary version.