Security News

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. In a Google Workspace incident report, the company says the issue affected approximately 2% of all Windows users who had already upgraded to Chrome 127, the browser's latest version.

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. "An attacker could escalate their privileges to the Default Cloud Build Service Account and access numerous services such as Cloud Build, storage, artifact registry and container registry," the exposure management company said in a statement.

Apple last week celebrated a slew of privacy changes coming to its Safari browser and took the time to bash rival Google for its Topics system that serves online ads based on your Chrome history. It's feared netizens could be still be tracked around the web using the Topics API in Chrome, or folks who have tried to hide their identity from advertisers could be rediscovered using the tech.

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. The Chrome browser now also sends suspicious files to the company's servers for a deeper scan for users with Enhanced Protection mode enabled in Safe Browsing, providing extra protection while "Reducing user friction."

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...]

Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them Google promotes its reCAPTCHA service as a security mechanism for websites, but researchers...

Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. The significant policy reversal comes nearly three months following the company's announcement that it intends to eliminate third-party cookies starting early next year after repeated delays, underscoring the project's tumultuous history.

Google no longer intends to drop support for third-party cookies - the online identifiers used by the ad industry to track people and target them with ads based on their online activities. The Privacy Sandbox - a suite of APIs for notionally privacy-protecting online ad delivery and analytics - will co-exist with third-party cookies in Chrome for the foreseeable future.

Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a new browser experience to allows users to limit how these cookies are used. [...]

A Latin America-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. The campaign involved the use of Google Cloud container URLs to host credential phishing pages with the aim of harvesting login information associated with Mercado Pago, an online payments platform popular in the LATAM region.