Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

September 20, 2024 at 03:39AM Google introduced a Password Manager PIN for Chrome web users to securely sync passkeys across various devices. This PIN enhances security by end-to-end encrypting the passkeys, preventing access by anyone, including Google. Users can create a longer alphanumeric PIN and are no longer required to scan a QR code. iOS …

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

September 17, 2024 at 08:45AM Google is switching from Kyber to ML-KEM in Chrome to counter cryptographically relevant quantum computers (CRQCs). ML-KEM will be implemented in Chrome version 131 in November 2024, addressing incompatibility issues with Kyber. The move follows NIST’s release of new encryption algorithms for future quantum threats. Microsoft is also gearing up …

Google fixes ninth Chrome zero-day exploited in attacks this year

August 21, 2024 at 05:44PM Today, Google issued a new emergency security update for Chrome to address a zero-day vulnerability, the ninth zero-day exploited in attacks this year. …

Chrome, Firefox Updates Patch Serious Vulnerabilities

August 7, 2024 at 04:24AM Mozilla and Google released updates for their web browsers, patching a total of 20 vulnerabilities. Google’s Chrome version 127.0.6533.99 fixed six vulnerabilities of various severity, including a critical out-of-bounds memory access issue. Meanwhile, Mozilla’s Firefox version 129 addressed 14 vulnerabilities, 11 of which are rated as high severity. Both companies …

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

May 14, 2024 at 10:39AM Google has released emergency fixes for a high-severity zero-day flaw in the Chrome web browser (CVE-2024-4761) actively exploited in the wild. The vulnerability affects the V8 JavaScript and WebAssembly engine and could allow data corruption, crashes, or execution of arbitrary code. Google urges users to upgrade to Chrome version 124.0.6367.207/.208 …

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

April 25, 2024 at 03:01AM Google is delaying the deprecation of third-party tracking cookies in its Chrome browser to address competition concerns from U.K. regulators over its Privacy Sandbox initiative. It aims to phase out cookies early next year and is working with the U.K. Competition and Markets Authority to achieve an agreement by the …

Google fixes first actively exploited Chrome zero-day of 2024

January 16, 2024 at 02:14PM Google has released security updates to address the first Chrome zero-day vulnerability (CVE-2024-0519) exploited since the beginning of the year. This high-severity flaw in the Chrome V8 JavaScript engine allows attackers to access sensitive data, trigger crashes, and potentially execute arbitrary code. Google also fixed two other vulnerabilities (CVE-2024-0517 and …

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

November 17, 2023 at 11:15AM SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing …

Chrome 118 Patches 20 Vulnerabilities

October 11, 2023 at 08:24AM Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow sites to steal data. Google has yet to determine the bug bounty reward for this vulnerability. The release also addresses eight medium-severity flaws and five low-severity vulnerabilities. The latest version …

libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks

October 10, 2023 at 03:06AM A security flaw in the libcue library affects GNOME Linux systems, allowing remote code execution (RCE) when a user downloads a malicious .cue file. The vulnerability (CVE-2023-43641) is caused by memory corruption in libcue versions 2.2.1 and earlier. Detailed technical information has been withheld to give users time to update. …