Security News

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question - including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock - made use of a sneaky trick to mask its true purpose: Leverage Cache-Control HTTP header as a covert channel to retrieve commands from an attacker-controlled server.

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon. Mozilla, maker of Chrome rival Firefox, has been trying to decide whether Camerfirma's history of questionable certificate management practices - documented in a lengthy list - warrants banishing the Spanish company's certificates from its Root Store - the set of certificates Firefox recognizes as trustworthy by default.

Chrome 89 also supports Web NFC, meaning that web applications can read and write NFC tags. Another new feature is the Web Serial API, which enables direct communication between web applications and devices with serial ports.

Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.'. Microsoft tracks hacking group as ZINC. In a new report, Microsoft states that they too have been tracking this threat actor, who they track as 'ZINC,' for the past couple of months as the hackers target pen testers, security researchers, and employees at tech and security companies.

Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. When the vulnerability was first disclosed, Google stated that they would block HTTP and HTTPS access to TCP ports 5060 and 5061 to protect against this vulnerability in the release of Chrome 87.

Google says it's making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. The company gave an update Monday on its work to remove from its Chrome browser so-called third-party cookies, which are used by a website's advertisers or partners and can be used to track a user's internet browsing habits.

Two major browsers -Microsoft Edge and Google Chrome - are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Microsoft on Thursday said that its next version of Edge will generate alerts if a user password is found in an online leak.

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. Chrome 88 also arrived with improved password protections, including a check that helps users identify weak passwords and immediately act upon the issue, to ensure better protection of their accounts.

Google has added a new feature to the Chrome web browser that will make it easier to check if their stored passwords are weak and easy to guess, exposing users to brute force attacks or password cracking attempts. Google Chrome allows creating, storing, and filling your passwords with a mouse click while browsing the web using a built-in password manager.

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. Chrome 88 is now promoted to the Stable channel, Chrome 89 is the new Beta version, and Chrome 90 will be the Canary version.