March 7, 2024 at 10:00AM Former Google software engineer Linwei (Leon) Ding, 38, was indicted by the U.S. Department of Justice for allegedly stealing proprietary information on Google’s AI technologies and transferring it to Chinese companies. Ding covertly uploaded over 500 files to his personal Google Cloud account and concealed his actions by lying and … Read more
February 5, 2024 at 06:06PM Google has released an AI-aided fuzzing framework in open source to help find vulnerabilities faster. The tool leverages large language models to generate fuzz targets and has resulted in a 30% increase in code coverage for over 300 projects. The framework allows experimentation and testing of fuzz targets and also … Read more
January 24, 2024 at 07:36AM Google announced the release of Chrome 121, addressing 17 vulnerabilities, 11 of which were reported by external researchers. Three were rated as ‘high’ severity, earning bug bounty rewards totaling over $30,000. The update also resolved six medium-severity and two low-severity issues. The specific technical details of the resolved bugs were … Read more
January 16, 2024 at 02:14PM Google has released security updates to address the first Chrome zero-day vulnerability (CVE-2024-0519) exploited since the beginning of the year. This high-severity flaw in the Chrome V8 JavaScript engine allows attackers to access sensitive data, trigger crashes, and potentially execute arbitrary code. Google also fixed two other vulnerabilities (CVE-2024-0517 and … Read more
January 10, 2024 at 07:09AM In January 2024, Google released Android security updates, addressing a total of 58 vulnerabilities across the platform and Pixel devices. It included high-severity issues in Framework and System components. The update also addressed vulnerabilities in third-party components. Additionally, Pixel devices received fixes for three medium-severity vulnerabilities. Users are advised to … Read more
November 16, 2023 at 01:15PM Google has released updated USB-A and USB-C models of its Titan security key, which now supports passkeys. These keys are secure authentication devices that can store over 250 unique passkeys and work with various applications. Google aims to replace passwords with passkeys and plans to distribute 100,000 free security keys … Read more
November 1, 2023 at 10:23AM Google has released Chrome version 119, which includes patches for 15 vulnerabilities, with 13 of them reported by external researchers. Three bugs are rated as ‘high severity.’ Google has awarded $16,000 and $11,000 for the first two bugs respectively, with the amount for the third bug yet to be determined. … Read more
October 25, 2023 at 03:57PM Mozilla and Google have released software updates for Firefox and Chrome to address high-severity vulnerabilities, including memory safety bugs. Mozilla’s Firefox update addresses 11 vulnerabilities, including an insufficient activation-delay bug and memory safety issues that could allow arbitrary code execution. The update also patches medium-severity flaws affecting header leakage, crashes, … Read more
October 13, 2023 at 09:19AM SecurityWeek provides a concise compilation of noteworthy cybersecurity stories. This week’s stories include the appeal of former Uber security chief Joe Sullivan against his conviction for covering up a data breach, a bounty offered for finding the NIST elliptic curve seeds, analysis of surveillance products by NSO Group competitor Intellexa, … Read more
October 12, 2023 at 10:21AM Apple has released iOS and iPadOS updates to patch a kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks. The flaw is a local privilege escalation issue, indicating it may have been used as part of an exploit chain. Although Apple has not provided details about the attacks or … Read more