Security News

Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. "Years in the making, Manifest V3 is more secure, performant, and privacy-preserving than its predecessor," said David Li, Product Manager for Chrome Extensions & Chrome Web Store.

Google is testing whether changing the Chrome user agent to three-digit 'Chrome/100' will cause loss of functionality on websites that are expecting a two digit version number. A user agent is a string sent by a web browser to a website to let the site know what browser the visitor is using, its version, and integrated technology.

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous researchers for reporting the bugs on September 8.

Google has addressed two zero-day security bugs that are being actively exploited in the wild. Google is restricting any technical details "Until a majority of users are updated with a fix," it said.

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place after Spectre, and Meltdown vulnerabilities came to light in January 2018, thereby potentially preventing leakage by ensuring that content from different domains is not shared in the same address space.

Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. Google Chrome will also automatically check for new updates the next time you restart the browser.

Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities. Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.

Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data. You might work within a company LAN that doesn't allow for the Tor browser to function.

Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected. As first announced in June, Google will require all Chrome extension developers to enable 2-Step Verification to publish or update their extensions after August 2nd. "The Chrome Web Store will begin enforcing the Two Step Verification requirement in August, 2021," Chrome Trust & Safety Team members Rebecca Soares and Benjamin Ackerman said two months ago.

A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties. Google described the issue as a heap buffer overflow in Bookmarks.