Glove Stealer Malware Bypasses Chrome’s App-Bound Encryption

November 15, 2024 at 08:30AM The Glove Stealer malware exploits a newly revealed App-Bound encryption bypass technique to carry out attacks. This vulnerability allows the malware to evade security measures in Chrome. ### Meeting Notes Takeaways: – **Malware Identification**: The discussion focused on the Glove Stealer malware. – **Attack Method**: The malware utilizes a newly … Read more

High-Severity Vulnerabilities Patched in Zoom, Chrome 

November 13, 2024 at 07:21AM Zoom Apps released security updates addressing six vulnerabilities, while the stable version of Chrome 131 has rolled out with twelve security fixes. These updates aim to enhance protection against high-severity threats. ### Meeting Takeaways: 1. **Zoom Security Update**: – Resolved six security vulnerabilities in Zoom Apps. 2. **Chrome Update**: – … Read more

Google says “Enhanced protection” feature in Chrome now uses AI

November 9, 2024 at 04:47PM Google is updating Chrome’s Enhanced protection to be powered by AI, improving real-time defenses against harmful sites and downloads. Additionally, features like Group tabs and Close unused tabs are being rebranded and enhanced with AI capabilities. These changes are currently being tested in Chrome Canary, with no release date announced. … Read more

Google Patches Critical Chrome Vulnerability Reported by Apple

October 30, 2024 at 05:32AM Google has addressed a critical vulnerability in Chrome (CVE-2024-10487), while Mozilla has resolved high-severity issues in Firefox. The updates ensure enhanced security for users of both browsers, following the report of the Chrome vulnerability by Apple. **Meeting Takeaways:** 1. **Patch Released for Chrome Vulnerability:** – Google has addressed CVE-2024-10487, classified … Read more

New tool bypasses Google Chrome’s new cookie encryption system

October 28, 2024 at 05:08PM A cybersecurity researcher, Alexander Hagenah, has released a tool that bypasses Google’s App-Bound encryption, enabling the extraction of saved credentials from Chrome. While it reflects a method similar to existing infostealer malware, its public availability increases risks for users storing sensitive data in the browser. Google is aware of the … Read more

Infostealer malware bypasses Chrome’s new cookie-theft defenses

September 24, 2024 at 01:35PM Infostealer malware developers claimed to bypass Google Chrome’s App-Bound Encryption feature, aiming to protect sensitive data like cookies. While the model prevents infostealer malware from stealing secrets stored in Chrome, security researchers observed multiple developers boasting about implementing a working bypass. Latest tests confirmed some malware variants can bypass the … Read more

Chrome switching to NIST-approved ML-KEM quantum encryption

September 16, 2024 at 12:29PM Google is updating Chrome’s post-quantum cryptography to protect against TLS attacks using quantum computers and mitigate store-now-decrypt-later attacks by switching Kyber to Module Lattice Key Encapsulation Mechanism (ML-KEM). This strategic move to an approved mechanism resolves issues when transitioning to a NIST-approved system. The change will be implemented in Chrome … Read more

Google fixes ninth Chrome zero-day exploited in attacks this year

August 22, 2024 at 11:22AM Google released a new emergency security update for Chrome to patch a zero-day vulnerability exploited in attacks. The high-severity CVE-2024-7971 vulnerability in Chrome’s V8 JavaScript engine was reported by Microsoft researchers. The update (128.0.6613.84/.85) will be automatically rolled out to users, and manual updates can be initiated through the Chrome … Read more

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

August 1, 2024 at 05:54AM Google has introduced app-bound encryption to Chrome on Windows to enhance browser security. This new feature prevents malicious applications from accessing encrypted data, increasing the difficulty for attackers. The change applies only to cookies currently but may expand to include passwords and payment data in the future. This is part … Read more

Chrome adopts app-bound encryption to stymie cookie-stealing malware

July 31, 2024 at 12:43PM Google is bolstering Chrome’s security for Windows users by implementing app-bound encryption to protect sensitive data like session cookies from infostealer malware. This new encryption method links data to specific apps and requires system privileges, making it harder for attackers to steal user data. Google plans to expand this encryption … Read more