Security News

Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware. The Great Suspender is a Chrome extension that will suspend unused tabs and unload its resources to decrease the browser's memory usage.

Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. "The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more," Calum McConnell said in a GitHub post.

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. While it's typical of Google to limit details of the vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft disclosed attacks carried out by North Korean hackers against security researchers with an elaborate social engineering campaign to install a Windows backdoor.

The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions. Chrome Sync is a browser feature designed to automatically synchronize a user's bookmarks, history, passwords, and other settings after they log in with their Google account.

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. The phrase "Exploit exists in the wild" is shorthand for "The crooks found this vulnerability before we did and are already using it in real-life attacks".

The heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. Researchers urge Google Chrome users to update as soon as possible.

If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days: there is a zero-day bug being "Actively exploited" in the older version of Chrome that will also affect other vendors' browsers. Details are intentionally scant until enough of the wider world has installed the update, but the flaw exists in how Chrome handles heap overflows in V8, Chromium's Javascript engine.

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement reads.

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.