Security News

Google is rolling out a new 'Tab Search' feature that allows you to search through your list of open tabs among all open browser windows to find a specific page. If you are like me and commonly have a large number of tabs open simultaneously, you can use the Tab Search feature to search for a particular page among your sea of open tabs.

Google has added new details on a pair of exploit servers used by a sophisticated threat actor to hit users of Windows, iOS and Android devices. Malware hunters at Google continue to call attention to a sophisticated APT group that burned through at least 11 zero-days exploits in less than a year to conduct mass spying across a range of platforms and devices.

"After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it," the company said in a tweet. The insinuation from DuckDuckGo comes as Google has been steadily adding app privacy labels to its iOS apps over the course of the last several weeks in accordance with Apple's App Store rules, but not before a three-month-long delay that caused most of its apps to go without being updated, lending credence to theories that the company had halted iOS app updates as a consequence of Apple's enforcement.

Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple. The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices.

Netizens who say Google continued to track them around the web even when using Chrome's incognito mode can proceed with their privacy lawsuit against the internet giant, a judge has ruled. Specifically, the judge denied Google's motion to dismiss the class-action-seeking lawsuit, stating: "The court concludes that Google did not notify users that Google engages in the alleged data collection while the user is in private browsing mode."

Google has released proof-of-concept exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites. Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack, written in JavaScript, to leak data at a speed of 1 kilobyte per second when running on Chrome 88 on an Intel Skylake CPU. The researchers said they hope the PoC will light a fire under web application developers to take active steps to protect their sites.

Google's Apple-mandated privacy labels for its Chrome and Search apps on iOS have drawn criticism from tiny search rival DuckDuckGo, which tweeted "No wonder they wanted to hide it." Mysterious delays in Google's app updates soon ensued - though the company said in January that: "As Google's iOS apps are updated with new features or to fix bugs, you'll see updates to our app page listings that include the new App Privacy Details. These labels represent the maximum categories of data that could be collected - meaning if you use every available feature and service in the app."

SoftServe has become an official Google Cloud reseller in the delivery and management of Google Cloud solutions. With this designation, SoftServe can support end-to-end delivery and management of Google Cloud solutions, from application development to cost control, in guiding its UK&I clients through the complex landscape of public cloud resource management.

"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session. The service's name suggests otherwise and Google was sued in June, 2020, for allegedly collecting data from Incognito Chrome users.

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine.