Security News

Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. Together with existing protection measures, the Stack Protection should mitigate a variety of exploitation techniques, but could affect stability if it is not compatible with software that loads itself into Chrome.

Google Chrome now hinders attackers' efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later. This is possible after the adoption of Intel's Control-flow Enforcement Technology, supported on Windows 10 computers through an implementation known as Hardware-enforced Stack Protection which adds enhanced exploit protection to all compatible devices.

As more companies and independent developers are switching to Progressive Web Apps as their preferred solution for native apps, Microsoft and Google are slowly adding new PWA features to improve the web apps experience on Windows and other platforms. For those unaware, Progressive web app, or PWA, is the latest web technology that allows anyone to use web sites as native mobile or desktop apps.

Google's Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution within a user's browser. Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn't allow attackers to escape the sandbox where Chrome runs, meaning attackers can't reach any of the other program, data and applications on the computer.

An update released this week by Google for Chrome 90 patches yet another serious vulnerability affecting the V8 JavaScript engine used by the web browser. Liu told SecurityWeek that the flaw can be exploited for remote code execution in the targeted user's browser, but noted that, similar to other recently disclosed V8 vulnerabilities, it does not escape the Chrome sandbox - a sandbox escape bug is needed to exploit CVE-2021-21227 in real world attacks.

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. PoC dropped on Twitter, zero-day fixed one week later.

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. The update comes after proof-of-concept code exploiting the flaw published by a researcher named "Frust" emerged on April 14 by taking advantage of the fact that the issue was addressed in the V8 source code, but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.

Google makes it easy to share text with friends and colleagues with a new Chrome 90 feature that lets you create links to selected text on a web page. This new feature is rolling out now in Chrome 90 and is built on top of Google's "Scroll-To-Text using a URL fragment" feature that they introduced earlier this year and is only available in Chrome.

Google has released Chrome 90 today, April 14th, 2021, to the Stable desktop channel, and it includes security improvements, a new AV1 encoder, and the default protocol changed to HTTPS. Chrome 90 fixes 37 security bugs, including a zero-day used at the Pwn2Own competition and publicly released Monday on Twitter. Today, Google promoted Chrome 90 to the Stable channel, Chrome 91 as the new Beta version, and Chrome 92 will be the Canary version.