Security News

The remote access trojan known as Gh0st RAT has been observed being delivered by an "Evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the web are being singled out.

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. In a Google Workspace incident report, the company says the issue affected approximately 2% of all Windows users who had already upgraded to Chrome 127, the browser's latest version.

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files.

Apple last week celebrated a slew of privacy changes coming to its Safari browser and took the time to bash rival Google for its Topics system that serves online ads based on your Chrome history. It's feared netizens could be still be tracked around the web using the Topics API in Chrome, or folks who have tried to hide their identity from advertisers could be rediscovered using the tech.

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. The Chrome browser now also sends suspicious files to the company's servers for a deeper scan for users with Enhanced Protection mode enabled in Safe Browsing, providing extra protection while "Reducing user friction."

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...]

Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. The significant policy reversal comes nearly three months following the company's announcement that it intends to eliminate third-party cookies starting early next year after repeated delays, underscoring the project's tumultuous history.

Google no longer intends to drop support for third-party cookies - the online identifiers used by the ad industry to track people and target them with ads based on their online activities. The Privacy Sandbox - a suite of APIs for notionally privacy-protecting online ad delivery and analytics - will co-exist with third-party cookies in Chrome for the foreseeable future.

Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a new browser experience to allows users to limit how these cookies are used. [...]

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.