Security News
Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.This update was immediately rolled out to our systems when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.
An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. This Chrome extension is being installed by the ViperSoftX Windows malware, which acts as a JavaScript-based RAT and cryptocurrency hijacker.
A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks. The Cloud9 browser botnet is effectively a remote access trojan for the Chromium web browser, including Google Chrome and Microsoft Edge, allowing the threat actor to remotely execute commands.
Google announced today that the Google Chrome web browser will likely drop support for Windows 7 and 8.1 starting February 2023. After support is discontinued for these two Windows versions, the company says Chrome users must ensure that their devices are running at least Windows 10.
A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks.
A "Major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson.
Chrome version 104 accidentally introduced a bug that removes the user requirement to approve clipboard writing events from websites they visit. When the user tries to make a payment and copies the wallet address to the clipboard, the website can write to the clipboard the threat actor's address.
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.
A North Korean-backed threat group tracked as Kimsuky is stealing emails from Google Chrome or Microsoft Edge users browsing their webmail accounts using a malicious browser extension. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers and can steal mail from Gmail and AOL accounts.