Security News

Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. The phishing site detection speed-up stems from improvements to the Chrome image processing tech used to compare the color profiles of visited websites with collections of signals associated with phishing landing pages.

For the seventh time this year, Google is dealing with zero-day attacks targeting users of its flagship Chrome web browser. The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks.

Google is about to give Chrome users a small security boost with new functionality that will attempt to automatically upgrade web pages to HTTPS. Dubbed HTTPS-First mode, the feature resembles the HTTPS-only mode in Firefox. For years, Google and other Internet companies out there have been actively advocating for the wide adoption of HTTPS across the web, both there still are websites that don't use encryption yet, thus posing a threat to their users.

Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild. Google Chrome will automatically update itself on the next launch, but you can also manually update it by checking for the newly released version from Settings > Help > 'About Google Chrome.

Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine.

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks.

"Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS and display a full-page warning before loading sites that don't support it." Google said. "Users who enable this mode gain confidence that Chrome is connecting them to sites over HTTPS whenever possible, and that they will see a warning before connecting to sites over HTTP.".

Google is working on adding an HTTPS-Only Mode to the Chrome web browser to protect users' web traffic from eavesdropping by upgrading all connections to HTTPS. This new feature is now being tested in the Chrome 93 Canary preview releases for Mac, Windows, Linux, Chrome OS, and Android. Google has previously updated Chrome to default to HTTPS for all URLs typed in the address bar if the user specifies no protocol.

Google Chrome for iOS now allows you to lock your incognito tabs behind Face ID so other people can't snoop on what sites you are visiting. Google Chrome's incognito mode is commonly used to visit sensitive sites that people do not want to appear in the browser history or for cookies to be saved.

Google's ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn't going away anytime soon. For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says is already being exploited by malicious hackers.