Security News

SoftServe has become an official Google Cloud reseller in the delivery and management of Google Cloud solutions. With this designation, SoftServe can support end-to-end delivery and management of Google Cloud solutions, from application development to cost control, in guiding its UK&I clients through the complex landscape of public cloud resource management.

"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session. The service's name suggests otherwise and Google was sued in June, 2020, for allegedly collecting data from Incognito Chrome users.

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine.

For the third time this year, Google has shipped an urgent fix to block in-the-wild zero-day attacks hitting its flagship Chrome browser. The latest emergency Chrome patch, available for Windows, MacOS and Linux, provides cover for at least five documented vulnerabilities.

Google is hurrying out a fix for a vulnerability in its Chrome browser that's under active attack - its third zero-day flaw so far this year. Another high-severity flaw is a heap-buffer overflow error that stems from Chrome tab groups.

Google last week announced the release of proof-of-concept code designed to exploit the notorious Spectre vulnerability and leak information from web browsers. In 2019, the Google team responsible for Chrome's V8 JavaScript engine said that the attack can't be mitigated at the software level, arguing that security boundaries in browsers should be aligned with low-level primitives, such as process-based isolation.

Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks. The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.

Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users. The zero-day tracked as CVE-2021-21193 is rated by Google as a high severity vulnerability and was reported by an Anonymous researcher on Tuesday.

Google has published JavaScript proof-of-concept code to demonstrate the practicality of using Spectre exploits targeting web browsers to access information from a browser's memory. According to the Google Security Team, the PoC shared today works across a wide range of processor architectures, operating systems, and hardware generations.

Google says that the latest Google Chrome version comes with major memory savings on Windows systems and improves energy consumption and overall responsiveness. Google Chrome 89, which rolled out earlier this week, comes with significant Windows memory management improvements, with the browser process requiring up to 22% less memory.