Security News

For the third time in a year, Google has fixed a Chrome zero-day that is being actively exploited by attackers in the wild. No details have been shared about the attacks and about the flaw itself, apart from the short description that says it's a type confusion flaw in V8, the JavaScript engine used by the Chrome browser.

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.

Google has issued an update for its widespread Chrome browser to fix three security holes. Google, which is often vociferous about bugs and how they work, especially those found by its own Project Zero and Threat Analysis teams, is playing its cards close to its chest in this case.

Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.

A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability.

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that has been reportedly exploited in the wild.

This week we discuss why Google abruptly pulled more than 500 Chrome extensions from its Web Store, the case of a man held in custody for refusing to decrypt two hard drives, and research detailing a number of security holes in Bluetooth chipsets. Greg Iddon plays host and producer this week and is joined by fellow Sophos experts Paul Ducklin and Peter Mackenzie.

Google has removed more than 500 extensions from the Chrome Web Store after they were found performing covert data exfiltration activities. Independent security researcher Jamila Kaya and Cisco's Duo Labs originally identified a network of 70 copycat plugins with 1.7 million users that were infecting users' browsers and exfiltrating data.

Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security. In a message to the researchers that it had removed the extensions, Google noted that it "Regularly sweeps to find extensions using similar techniques, code and behaviors and take down those extensions if they violate our policies."