Security News

Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild. "Google is aware that an exploit for CVE-2021-30551 exists in the wild," the company said, without providing further technical details.

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551. Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

They've found a means of using a voice-activated smart speaker system without it having to listen to everything you say - and no, it's not "Pressing a button." "There are a lot of situations where we want our home automation system or our smart speaker to understand what's going on in our home, but we don't necessarily want it listening to our conversations," said the aptly named Alanson Sample, associate professor of electrical engineering and computer science at the University of Michigan.

Google patched more than 90 security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device. The Android System component of the OS also has a second critical vulnerability, an elevation-of-privilege issue tracked as CVE-2021-0516.

In an open letter this month, the Chaos Computer Club - along with Google, Facebook, and others - said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Once you have root access on a person's computer or handheld, the the device can be an open book, encryption or not.

The French competition authority has fined Google €220 million for abusing its dominant position in online advertising and favoring its services to the disadvantage of its publishers and competitors. According to the French regulator, Google favored its Google Ad Manager tech used to operate the DFP ad server and the SSP AdX sales platform, which allow publishers to sell ad space on their sites and auction impressions to advertisers, respectively.

Google has launched a new experimental tool designed to help application developers visualize the dependencies of open source projects. In an effort to help developers gain a better perspective into the packages their open-source projects rely on, Google has introduced Open Source Insights, an exploratory visualization site that offers a view of dependencies, in an organized and accessible way.

Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting. Open Source Insights is a Google Cloud Platform-hosted tool that's accessible via a website into which users can enter the name of specific open source packages and get an overview of how they are put together.

Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group to collaborate on standardizing browser extensions to enhance both security and performance. "With multiple browsers adopting a broadly compatible model for extensions in the last few years, the WECG is excited to explore how browser vendors and other interested parties can work together to advance a common browser extension platform," the browser vendors said.

Google is tightening its privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The Google Advertising ID, analogous to Apple's IDFA, is a unique device identifier that can be used by app developers to track users as they move between apps to target ads better and measure the effectiveness of marketing campaigns.