Security News
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. "Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties," security researcher Jan Vojt?šek, who reported the discovery of the flaw, said in a write-up.
Google is testing a new 'Quick Intensive Throttling' feature that reduces CPU time by 10%, extending the battery life for laptops and mobile devices. In Chrome 87, Google introduced a new feature called 'Intensive Wake Up Throttling' that prevents JavaScript from waking up a tab more than once a minute after it has been suspended and hidden from view for more than 5 minutes.
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.
A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. Yesterday, web developer 'z0ccc' shared a new fingerprinting method called 'Extension Fingerprints' that can generate a tracking hash based on a browser's installed Google Chrome extensions.
The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control servers, according to enterprise security company Proofpoint, which observed the component on June 6.
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info, the malware will send it to command-and-control servers different than the ones the Emotet card stealer module.
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The flaw, which was identified in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company Numen Cyber Labs and has since been quietly fixed by the company.
A growing number of Android Google Chrome users in Russia are reporting errors when attempting to install the latest update for the web browser. According to Russian news outlets and numerous user comments on the Play Store, the issues started on May 9th, 2022, when Google released Chrome version 101 for Android.
Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to Windows system admins reports [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.
Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a security advisory released today.