Security News

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 epidemic, and affects both Chrome and Chrome OS releases.

Google has announced the rollout of two new non-negotiable security features for Android users who have also enrolled in the company's Advanced Protection Program. On Wednesday, Google said that the company is now automatically turning Google Play Protect on for all devices with a Google Account enrolled in Advanced Protection and will require that it remain enabled.

Setting out to find out, the researcher turned to the main domain registrars - GoDaddy, Namecheap and even Google Domains - to first see if he could snag appropriate URLs. "The great thing about using a proxy is that my domain's links previews, in every single platform, fetches Google Translate's exact description while pointing to my link," the researcher explained.

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.

Google has awarded its inaugural annual top prize for the Google Cloud Platform, for vulnerabilities found in the Google Cloud Shell. The find - a container escape that leads to host root access and the ability to use privileged containers - has earned $100,000 for Dutch researcher Wouter ter Maat.

Google announced on Wednesday that it's prepared to pay out an extra $313,337 for interesting Cloud Platform vulnerabilities submitted in 2020. Researchers who find vulnerabilities in Google Cloud Platform and disclose them through the company's Vulnerability Reward Program can earn up to $31,337.

Google has seemingly stopped claiming an identifier it uses internally to track experimental features and variations in its Chrome browser contains no personally identifiable information. In February, Arnaud Granal, a software developer who works on a Chromium-based browser called Kiwi, claimed the X-client-data header, which Chrome sends to Google when a Google webpage has been requested, represents a unique identifier that can be used to track people across the web.

Like many of us, McCoy had an Android phone that was linked to his Google account, and he used plenty of apps that store location data: Gmail, YouTube, and an exercise-tracking app called RunKeeper that feeds off of Google location data and which helps users to track their workouts. On the day of the burglary - 29 March 2019 - Google knew that McCoy had passed the scene of the crime three times within an hour as he looped through his neighborhood during his workout.

Google has announced that Android and macOS users can now use more web browsers to initially register security keys to their accounts. Now, Google aims to help more users take advantage of the capability through making it easier to enroll security keys.

First came 'fuzzing', a long-established technique for spotting bugs such as security flaws in real applications using automated tools. More recently, security fuzzing tools have expanded in number, and today there are hundreds of specialised open-source tools and online services designed to probe specific types of software.