Security News
Google is testing whether changing the Chrome user agent to three-digit 'Chrome/100' will cause loss of functionality on websites that are expecting a two digit version number. A user agent is a string sent by a web browser to a website to let the site know what browser the visitor is using, its version, and integrated technology.
Google said, in an August report, the number of geofence warrants the company received from law enforcement agencies jumped from 982 in 2018 to 11,554 in 2020. "Since the start of 2018, we have seen a rise in the number of search warrants in the United States that order Google to identify users, based on their Location History information, who may have been in a given area within a certain time," Google said.
A recent AtlasVPN report highlights the companies that have amassed the most security vulnerabilities through the first half of 2021. In the first six months of 2021, Google and Microsoft have "Accumulated the most vulnerabilities," according to Atlas VPN findings based on a recent Telefonica Tech report.
Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above. The expansion is expected to go live later this year in December 2021 and enabled on Android phones with Google Play services running Android 6.0 or higher, which the company said should cover "Billions more devices." Google officially released Android 6.0 Marshmallow on October 5, 2015.
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous researchers for reporting the bugs on September 8.
Google is investigating reports of black screens showing up on users' Chromebooks when trying to log into their Chrome OS accounts. The company has acknowledged this issue on the Google Customer Care Portal almost one hour ago and is yet to provide updates or a workaround for customers impacted by this bug.
A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. To target victims, the malware is spread from a fake Google advertisement for various software, researchers found - an indirect alternative to social-engineering tactics like spear-phishing emails.
Google has addressed two zero-day security bugs that are being actively exploited in the wild. Google is restricting any technical details "Until a majority of users are updated with a fix," it said.
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place after Spectre, and Meltdown vulnerabilities came to light in January 2018, thereby potentially preventing leakage by ensuring that content from different domains is not shared in the same address space.
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. Google Chrome will also automatically check for new updates the next time you restart the browser.