Security News

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. Chrome 88 also arrived with improved password protections, including a check that helps users identify weak passwords and immediately act upon the issue, to ensure better protection of their accounts.

Google has added a new feature to the Chrome web browser that will make it easier to check if their stored passwords are weak and easy to guess, exposing users to brute force attacks or password cracking attempts. Google Chrome allows creating, storing, and filling your passwords with a mouse click while browsing the web using a built-in password manager.

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. Chrome 88 is now promoted to the Stable channel, Chrome 89 is the new Beta version, and Chrome 90 will be the Canary version.

Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. This is because many of the Google APIs included in the Chromium code are specific only to Google Chrome and are not intended to be integrated and used by the users of derived Chromium products.

Facebook has filed legal action against two Chrome extension developers that the company said was scraping user profile data - including names and profile IDs - as well as other browser-related information. The two unnamed developers under the business name Oink and Stuff, developed Chrome malicious browser extensions, which actually contained hidden code "That functioned like spyware," alleges Facebook.

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook's website and from users' systems without authorization. After being installed on the users' computers, these Chrome extensions also installed malicious code in the background which allowed the defendants to scrape user data from Facebook's site.

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability is separate from a bug reported in Google's browser engine Chromium, which is used in the Google Chrome browser and Microsoft's latest version of its Edge browser.

An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity. The company has awarded more than $100,000 for these vulnerabilities.

Back in November, 2020, netizens warned that a Chrome extension called The Great Suspender may be malicious. The Register understands that the unidentified maintainer of the project subsequently resubmitted the extension without the suspicious behavior that had been cited in a GitHub issues post.

HTTPS, as you probably know, stands for secure HTTP, and it's a cryptographic process - a cybersecurity dance, if you like - that your browser performs with a web server when it connects, improving privacy and security by agreeing to encrypt the data that goes back and forth. Why is HTTP still the default choice of your browser if you type an URL into the address bar and don't explicitly put https:// at the start?