Security News

The company will deepen its initial work with Google and move its offline analytics, data processing, and machine learning workloads to Google's Data Cloud. With this expanded partnership, Twitter is adopting Google's Data Cloud including BigQuery, Dataflow, Cloud Bigtable and machine learning tools.

Google is weaning itself off user-tracking "Cookies" which allow the web giant to deliver personalized ads but which also have raised the hackles of privacy defenders. Last month, Google unveiled the results of tests showing an alternative to the longstanding tracking practice, claiming it could improve online privacy while still enabling advertisers to serve up relevant messages.

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

The heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. Researchers urge Google Chrome users to update as soon as possible.

Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020. The total amount of bug bounty rewards increased only slightly compared to 2019, when the Internet search giant paid just over $6.5 million.

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement reads.

A team from Google has now posted at length about the issue in the hope of "Sparking industry-wide discussion and progress on the security of open source software." The post - called "Know, Prevent, Fix" - is co-authored by Eric Brewer, VP of infrastructure at Google, distinguished engineer Rob Pike; principal software engineer Abhishek Arya; program manager, Open Source Security, Anne Bertucio; and product manager Kim Lewandowski.

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Clicking the thumbnail or "View File" link leads to the final phishing page, asking victims to log in with their Microsoft credentials, and asks them to provide alternate email addresses or phone numbers - an effort to collect data that could be used to get around two-factor authentication or account recovery mechanisms.

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question - including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock - made use of a sneaky trick to mask its true purpose: Leverage Cache-Control HTTP header as a covert channel to retrieve commands from an attacker-controlled server.

Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege. Tracked as CVE-2021-0325, the issue is considered critical on Android 8.1 and 9 platform releases, but has only a high severity rating on Android 10 and 11, Google's advisory explains.