Security News

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks.

"Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS and display a full-page warning before loading sites that don't support it." Google said. "Users who enable this mode gain confidence that Chrome is connecting them to sites over HTTPS whenever possible, and that they will see a warning before connecting to sites over HTTP.".

Google is working on adding an HTTPS-Only Mode to the Chrome web browser to protect users' web traffic from eavesdropping by upgrading all connections to HTTPS. This new feature is now being tested in the Chrome 93 Canary preview releases for Mac, Windows, Linux, Chrome OS, and Android. Google has previously updated Chrome to default to HTTPS for all URLs typed in the address bar if the user specifies no protocol.

Google Chrome for iOS now allows you to lock your incognito tabs behind Face ID so other people can't snoop on what sites you are visiting. Google Chrome's incognito mode is commonly used to visit sensitive sites that people do not want to appear in the browser history or for cookies to be saved.

Google's ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn't going away anytime soon. For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says is already being exploited by malicious hackers.

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL, a JavaScript API for rendering interactive 2D and 3D graphics within the browser.

Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild. Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.

Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome desktop browser.

Microsoft's Patch Tuesday announcement was bad enough, with six in-the-wild vulnerabilities patched, including one buried in the vestiges of Internet Explorer's MSHTML web rendering code. It's been followed by Google's latest Chrome security advisory, which includes a zero-day patch to Chrome's JavaScript engine amongst its 14 officially listed security fixes.

Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild. "Google is aware that an exploit for CVE-2021-30551 exists in the wild," the company said, without providing further technical details.