Security News

A bug in the latest release of Chrome, and other Chromium-based browsers, is causing random debug. Log files to be created on user's desktops and other folders.

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.

The Password Checkup feature came first in the form of a Chrome extension, then was built into Google Account's password manager and Chrome, and now it has been enhanced with support for the ". Enhanced Safe Browsing mode, which was first introduced in Chrome 83, allows users to get a more personalized protection against malicious sites.

Google has released Chrome 86 today, October 6th, 2020, to the Stable desktop channel, and it includes numerous security enhancements, features, and APIs for developers. Chrome 86 brings many security enhancements to both desktop and mobile users in the form of increased password security, protection from insecure downloads and form submissions, and biometric protection when auto-filling saved passwords.

A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions. Erceg told SecurityWeek that the vulnerabilities he discovered all target a specific API made available to extensions - he has not named the impacted API due to the fact that Google hasn't mentioned it either in its release notes.

Google has stomped out several serious code-execution flaws in its Chrome browser. The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.

Google is providing a new "Risky files" scanning feature to Chrome users enrolled in its Advanced Protection Program. Chrome started warning APP users when a downloaded file may be malicious last year, but now it will also give them the ability to send risky files for additional scanning by Google Safe Browsing's full suite of malware detection technology before opening them.

Two researchers have earned $20,000 from Google for reporting a sandbox escape vulnerability affecting the Chrome web browser. The researchers who discovered the issue, Leecraso and Guang Gong of the 360 Alpha Lab at Chinese cybersecurity company Qihoo 360, told SecurityWeek that while the vulnerability affects Chrome on all platforms, they have only managed to trigger it on Android.

An obvious example is for the purposes of security filtering, where a network security device or cloud service deliberately redirects known bad domains, such as malware repositories, thus heading off potentially malicious traffic right at the DNS level. Simply put, a DNS lookup for a server name that doesn't exist at all, and therefore can't be resolved, is supposed to come back with a DNS error 3, known as NXDOMAIN, short for non-exsistent domain.

Chrome 85 was released in the stable version with 20 security fixes inside, including patches for 14 vulnerabilities disclosed by external researchers. Seven medium severity bugs reported by external researchers were patched in this Chrome release, including an inappropriate implementation in Content, four insufficient policy enforcements, and two incorrect security UI issues.