Security News

Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild. Although the company says this update may take some time to reach all users, the update has already begun rolling out Chrome 96.0.4664.110 worldwide in the Stable Desktop channel.

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. An anonymous researcher has been credited with discovering and reporting the flaw.

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. A noteworthy aspect of the intrusions is the use of malvertising as a means to strike individuals who are looking for popular software on search engines to present them links to download fake installers that drop a password stealer called RedLine Stealer, a Chrome extension dubbed "MagnatExtension" that's programmed to record keystrokes and capture screenshots, and an AutoIt-based backdoor that establishes remote access to the machine.

Microsoft Edge is now displaying in-browser alerts that discourage users from downloading Google Chrome by bashing the popular browser. A few weeks later, Google began telling Microsoft Edge users to switch to Chrome to use browser extensions more securely.

Google Chrome 96 was released yesterday, and users are reporting problems with Twitter, Discord, and Instagram caused by the new version. After upgrading to Chrome 96, users report errors in their Twitter notifications, with the website warning that "Something went wrong. Try reloading," as shown below.

Security researchers from Germany's CISPA Helmholtz Center for Information Security have developed software to help identify Chrome extensions that are vulnerable to exploitation by malicious webpages and other extensions. Under its old platform rules, known as Manifest v2, Chrome extensions had broad powers that could easily be misused.

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. I'm going to be honest here, I don't use a web browser very often on Android.

Google will end support for the Chrome sync feature for all users still running Google Chrome 48 and earlier after Chrome 96 reaches the stable channel. "Chrome sync no longer supports Chrome 48 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync," Google said at the time.

Crooks behind a newly identified malware campaign are targeting Windows 10 with malware that can infect systems via a technique that cleverly bypasses Windows cybersecurity protections called User Account Control. Iwamaye wrote in a blog post published Thursday, the attack chain is initiated when a Chrome browser user visits a malicious website and a "Browser ad service" prompts the user to take an action.

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited."Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google disclosed in the list of security fixes in today's Google Chrome release.