Security News

Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks. The high-severity flaw is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast.

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine.

A set of Android malware droppers were found infiltrating the Google Play store to install banking trojans pretending to be app updates. Malware droppers are a challenging category of apps to stop because they do not contain malicious code themselves and thus can more easily pass Google Play reviews when submitted to the store.

Google announced today that the Google Chrome web browser will likely drop support for Windows 7 and 8.1 starting February 2023. After support is discontinued for these two Windows versions, the company says Chrome users must ensure that their devices are running at least Windows 10.

In brief Google has released a new open source software tool to help businesses better understand the risks to their software supply chains by aggregating security metadata into a queryable, standardized database. The Graph for Understanding Artifact Composition, or "GUAC" - pronounced like the avocado dip - "Aggregates and synthesizes software security metadata at scale and makes it meaningful and actionable," Google said in a blog post.

Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android. Clicker apps are a special category of adware that loads ads in invisible frames or in the background and clicks them to generate revenue for their operators.

PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google's ad service to carry out phishing campaigns on financial institutions. In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, talks about how this type of attack is different from the one identified by Microsoft - threat actors use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legitimate landing URL on hover.

Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," Brandon Lum, Mihai Maruseac, and Isaac Hepworth of Google said in a post shared with The Hacker News.

Texas attorney general Ken Paxton has sued Google for allegedly collecting and using biometric data belonging to millions of Texans without proper consent. The Texas AG says that Google allegedly used products and services like Google Photos, Google Assistant, and Nest Hub Max to collect a vast array of biometric identifiers, including voiceprints and records of face geometry since 2015.

Google Search is timing out when users search for specific terms like "How many emojis on iOS," "How many emojis on Apple" or "How many emojis on Windows." BleepingComputer was able to reproduce the issue on both Google search sites and the mobile app.