Security News

Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities. Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.

Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.

Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected. As first announced in June, Google will require all Chrome extension developers to enable 2-Step Verification to publish or update their extensions after August 2nd. "The Chrome Web Store will begin enforcing the Two Step Verification requirement in August, 2021," Chrome Trust & Safety Team members Rebecca Soares and Benjamin Ackerman said two months ago.

A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties. Google described the issue as a heap buffer overflow in Bookmarks.

Google Chrome will no longer show whether a site you are visiting is secure and only show when you visit an insecure website. Currently, when you visit a secure site, Google Chrome will display a little locked icon indicating that your communication with the site is encrypted, as shown below.

A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "Refinements in its tactics." Earlier this April, XCSSET received an upgrade that enabled the malware authors to target macOS 11 Big Sur as well as Macs running on M1 chipset by circumventing new security policies instituted by Apple in the latest operating system.

Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts. Dubbed XCSSET, the malware keeps evolving and has been targeting macOS developers for more than a year by infecting local Xcode projects.

Npm is the default package manager for the JavaScript runtime environment Node.js, which is built on Chrome's V8 JavaScript engine. "Vast" would be an understatement to describe the ecosystem: npm hosts more than 1.5 million unique packages, and serves up more than 1 billion requests for JavaScript packages per day, to around 11 million developers worldwide.

Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection. Chrome 92 arrives with expanded Chrome Actions, to provide users with improved management of privacy and security options.

Today, researchers at ReversingLabs have disclosed their findings on two malicious npm packages that secretly steal passwords from your Chrome web browser. "We have contacted NPM to take the package down. We are still waiting on their security team to respond," ReversingLabs' chief software architect and co-founder, Tomislav Pericin told BleepingComputer in an email interview.