Security News

Google's Apple-mandated privacy labels for its Chrome and Search apps on iOS have drawn criticism from tiny search rival DuckDuckGo, which tweeted "No wonder they wanted to hide it." Mysterious delays in Google's app updates soon ensued - though the company said in January that: "As Google's iOS apps are updated with new features or to fix bugs, you'll see updates to our app page listings that include the new App Privacy Details. These labels represent the maximum categories of data that could be collected - meaning if you use every available feature and service in the app."

"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session. The service's name suggests otherwise and Google was sued in June, 2020, for allegedly collecting data from Incognito Chrome users.

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine.

For the third time this year, Google has shipped an urgent fix to block in-the-wild zero-day attacks hitting its flagship Chrome browser. The latest emergency Chrome patch, available for Windows, MacOS and Linux, provides cover for at least five documented vulnerabilities.

Google is hurrying out a fix for a vulnerability in its Chrome browser that's under active attack - its third zero-day flaw so far this year. Another high-severity flaw is a heap-buffer overflow error that stems from Chrome tab groups.

Major 'Stable' versions of Microsoft Edge will now be released every four weeks to synchronize with the new four-week release cycle announced by Google Chrome. This month, Google announced they were switching from a six-week release cycle to a four-week cycle after improving their testing and release process.

Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users. The zero-day tracked as CVE-2021-21193 is rated by Google as a high severity vulnerability and was reported by an Anonymous researcher on Tuesday.

Google says that the latest Google Chrome version comes with major memory savings on Windows systems and improves energy consumption and overall responsiveness. Google Chrome 89, which rolled out earlier this week, comes with significant Windows memory management improvements, with the browser process requiring up to 22% less memory.

Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability. Last year, security researchers disclosed a new version of the NAT Slipstreaming vulnerability that allows malicious scripts to bypass a website visitor's NAT firewall and access any TCP/UDP port on the visitor's internal network.

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. When Google creates a new browser feature, it is first tested in Google Chrome Canary and Google Chrome Beta.