October 24, 2024 at 06:06AM The Lazarus Group exploited a now-patched zero-day vulnerability in Google Chrome to control devices by targeting cryptocurrency sector individuals via a fake game website. Disguised as a decentralized finance game, the attack, discovered by Kaspersky, began in February 2024 and involved advanced social engineering tactics. ### Meeting Takeaways on Lazarus … Read more
October 23, 2024 at 12:06PM Google will soon introduce an “Enterprise Web Store” for Chrome and ChromeOS, allowing organizations to curate browser extensions for improved productivity and security. The platform enables better management, standardizes tools, and offers insights into extension usage, alongside new AI features and security controls for Chrome Enterprise users. ### Meeting Takeaways: … Read more
October 13, 2024 at 06:20PM Google’s Chrome Web Store warns that the uBlock Origin ad blocker may soon be blocked due to the deprecation of the Manifest V2 extension specification in favor of Manifest V3. Users are encouraged to switch to compatible alternatives, as advanced functionality may be limited with new versions. Manifest V2 will … Read more
September 24, 2024 at 08:53AM A new version of the Octo Android malware, known as “Octo2,” is spreading in Europe disguised as NordVPN, Google Chrome, and Europe Enterprise app. Based on the meeting notes, it seems that a new version of the Octo Android malware, called “Octo2,” has been detected spreading across Europe. It is … Read more
September 18, 2024 at 08:24AM Google released Chrome 129 in the stable channel, addressing nine vulnerabilities, with the most severe being a type confusion bug in the V8 JavaScript engine. The update also resolves medium and low-severity vulnerabilities, with $13,000 in bug bounty payouts. Chrome 129 is now rolling out for Windows, macOS, and Linux, … Read more
August 31, 2024 at 12:06PM North Korean threat actors exploited a recently patched security flaw in Google Chrome and Chromium web browsers to deploy the FudModule rootkit. Microsoft attributed this activity to a group known as Citrine Sleet, part of the Lazarus Group, targeting financial institutions involved in cryptocurrency. The attack involved a zero-day exploit … Read more
August 30, 2024 at 01:06PM North Korean hackers utilized a patched Google Chrome zero-day to distribute the FudModule rootkit, gaining SYSTEM privileges through a Windows Kernel exploit. Microsoft attributed the attacks to the North Korean threat actor Citrine Sleet, known for targeting the cryptocurrency sector for financial gain. The group is also associated with other … Read more
August 28, 2024 at 01:28PM Google has increased payouts for Google Chrome security flaws through its Vulnerability Reward Program, with the maximum reward for a single bug now over $250,000, more than doubling the previous amount. Based on the meeting notes, it seems that Google has increased its payouts for security flaws reported through its … Read more
August 27, 2024 at 02:27AM Google has disclosed an actively exploited security flaw in its Chrome browser, tracked as CVE-2024-7965, related to an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. The security researcher TheDog discovered the flaw and was awarded an $11,000 bug bounty. Users are advised to upgrade to Chrome version … Read more
August 22, 2024 at 02:51PM New security fixes are being rolled out for Chrome to address a high-severity type confusion bug, identified as CVE-2024-7971, in the V8 JavaScript engine. Google reported the presence of an exploit for this vulnerability. The updated version 128 of Chrome will address 38 vulnerabilities, including CVE-2024-7971, and is expected to … Read more