Security News

Google says the latest release of Chrome for desktop devices now comes with a new performance-boosting feature designed to free up memory and make web browsing smoother. The new feature, dubbed Memory Saver, will release up to 30% of all memory by suspending inactive tabs, system memory which will be used by active tabs.

Google has disclosed more technical details about how Private Compute Core on Android works and keeps sensitive user data processed locally on protected devices. The isolation of PCC from all other apps is achieved by using the Android Framework API for all data inputs and outputs from and to the PCC, facilitated by permissions granted during OS installation.

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. "The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists," TAG said in a Thursday analysis.

Google's Threat Analysis Group revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability to infect South Korean targets with malware. Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file remote template that would render remote HTML using Internet Explorer.

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome, which is being exploited by attackers in the wild. "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Srinivas Sista, Technical program manager for Google Chrome, explained.

Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. Googler Łukasz Siewierski found and reported the security issue and it's a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of privileges as the Android operating system - essentially unfettered access to the victim's device.

The flaw was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users. In a security advisory published right before the weekend, Google said it "Is aware of reports that an exploit for CVE-2022-4262 exists in the wild."

A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.This update was immediately rolled out to our systems when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.