Security News

Enough people must have griped about the loss of "Www" and "Https" in Chrome's address bar to make Google rethink it: Chromium developers are testing a new Omnibox context menu that would give users the option to "Always Show Full URLs.". On 17 March, Chromium developers outlined the plan for users to opt-out of URL snippage in a post on the bug tracker titled "Implement Omnibox context menu option to always show full URLs".

Google is on track to resume the roll-out of stable Chrome releases next week, but says it will skip one version of the browser.

It's a problem that many believe explains the abrupt decision by Google to delay the release of Chrome 81, the stable version of which was scheduled to start appearing on users' computers on 17 March. Due to adjusted work schedules at this time, we are pausing upcoming Chrome and Chrome OS releases.

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 epidemic, and affects both Chrome and Chrome OS releases.

Google has seemingly stopped claiming an identifier it uses internally to track experimental features and variations in its Chrome browser contains no personally identifiable information. In February, Arnaud Granal, a software developer who works on a Chromium-based browser called Kiwi, claimed the X-client-data header, which Chrome sends to Google when a Google webpage has been requested, represents a unique identifier that can be used to track people across the web.

Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets. Cryptocurrency owners need a wallet just like users of regular cash do.

Evidence is emerging that a barely noticed change made to Chrome 80, released on 4 February, might have disrupted the hugely successful data and user profile stealing malware AZORult. Now, according to research by Israeli security company Kela, chatter on crime forums suggests cybercriminals believe that Chrome 80's move to encrypt locally saved passwords and cookies using AES-256 has killed the malware's attempts to steal data for good.

For the third time in a year, Google has fixed a Chrome zero-day that is being actively exploited by attackers in the wild. No details have been shared about the attacks and about the flaw itself, apart from the short description that says it's a type confusion flaw in V8, the JavaScript engine used by the Chrome browser.

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.

Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.