Security News

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. Earlier this month, Google began rolling out a new feature called Google Search Generative Experience in its search results, which provides AI-generated quick summaries for search queries, including recommendations for other sites to visit related to the query.

It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million.

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate...

Google has introduced an updated Safe Browsing feature for Chrome on desktop and iOS, offering real-time protection against malicious sites while preserving user privacy. This enhancement allows Chrome to compare site URLs against Google's server-side database of known threats in real time, potentially blocking 25% more phishing attempts. Previously, Chrome relied on a locally-stored database updated every 30 to 60 minutes.The shift to server-side checks, announced in September 2023, aims to address the rapid growth of harmful websites and the brief existence of phishing domains. The new system checks URLs against cached safe URLs and previous Safe Browsing results. For URLs not in the cache,

Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz. Safe Browsing is a non-commercial Google API that allows client applications to lookup websites in a database to see whether they pose a known risk.

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. "Safe Browsing already protects more than 5 billion devices worldwide, defending against phishing, malware, unwanted software and more. In fact, Safe Browsing assesses more than 10 billion URLs and files every day, showing more than 3 million user warnings for potential threats," said Google's Jasika Bawa and Jonathan Li. "If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts. The new capability - also rolling out to Android later this month - uses encryption and other privacy-enhancing techniques to ensure that no one, including Google, knows what website you're visiting."

Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. Google's 2023 highlights include newer reward categories, including finding flaws in its AI products and Android phone apps, plus a brand-new Bonus Awards program that periodically pays out time-limited, extra rewards for specific vulnerability targets.

Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The...

Boffins have managed to pry open closed AI services from OpenAI and Google with an attack that recovers an otherwise hidden portion of transformer models. "We thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. We also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix."

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.