Security News
Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled [...]
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team said.
Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. As Chrome software engineer Will Harris explained in a blog post published today, Chrome currently uses the most robust techniques provided by each operating system to safeguard sensitive data such as cookies and passwords: Keychain services on macOS, kwallet or gnome-libsecret on Linux, and the Data Protection API on Windows.
Apple last week celebrated a slew of privacy changes coming to its Safari browser and took the time to bash rival Google for its Topics system that serves online ads based on your Chrome history. It's feared netizens could be still be tracked around the web using the Topics API in Chrome, or folks who have tried to hide their identity from advertisers could be rediscovered using the tech.
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. The Chrome browser now also sends suspicious files to the company's servers for a deeper scan for users with Enhanced Protection mode enabled in Safe Browsing, providing extra protection while "Reducing user friction."
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...]
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "Fixes" that install malware. Now the overlays display fake Google Chrome, Microsoft Word, and OneDrive errors.
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. The paper, co-signed by a team of Korean researchers from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome and the Linux kernel.
Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. Modern browsers like Chrome use multiple processes to improve performance and security.