Security News

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

The heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. Researchers urge Google Chrome users to update as soon as possible.

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon. Mozilla, maker of Chrome rival Firefox, has been trying to decide whether Camerfirma's history of questionable certificate management practices - documented in a lengthy list - warrants banishing the Spanish company's certificates from its Root Store - the set of certificates Firefox recognizes as trustworthy by default.

Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability. When the vulnerability was first disclosed, Google stated that they would block HTTP and HTTPS access to TCP ports 5060 and 5061 to protect against this vulnerability in the release of Chrome 87.

Two major browsers -Microsoft Edge and Google Chrome - are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Microsoft on Thursday said that its next version of Edge will generate alerts if a user password is found in an online leak.

Google has added a new feature to the Chrome web browser that will make it easier to check if their stored passwords are weak and easy to guess, exposing users to brute force attacks or password cracking attempts. Google Chrome allows creating, storing, and filling your passwords with a mouse click while browsing the web using a built-in password manager.

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. Chrome 88 is now promoted to the Stable channel, Chrome 89 is the new Beta version, and Chrome 90 will be the Canary version.

Google Chrome has fixed a bug that enabled antivirus programs on Windows 10 to lock newly created files. The patching of the bug means antivirus programs running on Windows would no longer block new files generated by the Chrome web browser, such as bookmarks.

Google is experimenting with increased storage for the browser cache to reduce the performance hit caused by the recently added partitioned cache feature. To prevent these side-channel attacks, Google added a new feature to Chrome 85 that partitions the browser's disk cache so that each site utilizes its own cache that cannot be read by other sites.

Google has disabled a feature that displays a warning when submitting insecure forms after receiving many complaints from users and website administrators. Google has been focusing on removing mixed-content in Google Chrome, when a secure page loads content from an insecure URL. As part of this initiative, Google rolled out a new feature in Chrome 86 that warns users when submitting insecure forms from a secure page to an insecure URL. Submitting an insecure form would display a warning about the risks of doing so and asks the user if they wish to continue submitting the information.