Security News

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.

Contestants hacked Microsoft's Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform. The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks' Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine.

Researchers from Chinese cybersecurity company Qihoo 360 have earned another $20,000 from Google for a sandbox escape vulnerability affecting the Chrome web browser. Google informed Chrome users on Tuesday that an update for version 89 includes eight security fixes, including for six vulnerabilities reported by external researchers.

Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to Chrome web browser for Linux. Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.

Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser's next stable version. This move is part of a larger effort to defend users from attackers attempting to intercept their unencrypted web traffic and speed up the loading of websites served over HTTPS. "Chrome will now default to HTTPS for most typed navigations that don't specify a protocol," Chrome team's Shweta Panditrao and Mustafa Emre Acer said.

The Chrome browser extension ClearURLs has been removed from the Chrome Web Store, for reasons its developer describes as "Ridiculous." Google's Chrome team emailed ClearURLs developer Kevin Roebert yesterday to tell him: "Your item had to be removed from the Chrome Web Store," citing three violations of its terms.

Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store. ClearURLs is a web browser add-on available for both Google Chrome and Mozilla Firefox tasked with removing tracking bits from the URLs.

When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme. Chrome 90 will make HTTPS the default for first time website visits where no transport has been declared.

Google is rolling out a new 'Tab Search' feature that allows you to search through your list of open tabs among all open browser windows to find a specific page. If you are like me and commonly have a large number of tabs open simultaneously, you can use the Tab Search feature to search for a particular page among your sea of open tabs.

"After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it," the company said in a tweet. The insinuation from DuckDuckGo comes as Google has been steadily adding app privacy labels to its iOS apps over the course of the last several weeks in accordance with Apple's App Store rules, but not before a three-month-long delay that caused most of its apps to go without being updated, lending credence to theories that the company had halted iOS app updates as a consequence of Apple's enforcement.