Google Adds V8 Sandbox to Chrome

April 8, 2024 at 07:36AM
Google has introduced a new sandbox to combat memory safety bugs in its Chrome V8 engine. The tech giant also included it in the bug bounty program, aiming to enhance the browser’s security. This update was featured on SecurityWeek. Based on the meeting notes, it appears that Google is implementing …

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

April 3, 2024 at 10:15AM
Google is testing Device Bound Session Credentials (DBSC) in Chrome to protect against session hijacking by malware. The feature binds authentication sessions to a device, disrupting cookie theft and making it harder to abuse stolen cookies. It uses a cryptographic approach and is initially rolled out to half of Chrome’s …

Chrome to Fight Cookie Theft With Device Bound Session Credentials

April 2, 2024 at 12:45PM
Google is introducing Device Bound Session Credentials (DBSC) to Chrome, preventing cookie theft by binding browser authentication sessions to the device. This technology, developed by the Web Incubator Community Group, uses private key authentication. DBSC ensures sessions are secure and deters cookie theft malware, with plans for widespread implementation by …

Microsoft again bothers Chrome users with Bing popup ads in Windows

March 17, 2024 at 01:08PM
Microsoft is promoting Bing and the GPT-4 Bing Chat platform to Google Chrome users through popup desktop ads on Windows 10 and Windows 11. Although some users initially suspected malware due to the ad quality, Microsoft confirmed the legitimacy as a one-time notification offering the choice to set Bing as …

CISA pushes federal agencies to patch Citrix RCE within a week

January 17, 2024 at 01:36PM
CISA has directed U.S. federal agencies to secure their systems against recently patched Citrix NetScaler and Google Chrome zero-days. The urgency is due to active exploitation of the vulnerabilities. The agencies have specific timelines for patching, with the most critical CVE-2023-6548 vulnerability requiring resolution within a week. CISA urges all …

Google: Malware abusing API is standard token theft, not an API issue

January 6, 2024 at 11:46AM
Malware is exploiting an undocumented Google Chrome API to generate new authentication cookies from stolen ones. Multiple malware operations are using this technique to gain access to users’ Google accounts through the API, and Google has downplayed the severity of the issue. The company urges affected users to take precautionary …

CISA warns of actively exploited bugs in Chrome and Excel parsing library

January 3, 2024 at 07:58AM
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog. The first vulnerability, CVE-2023-7101, affects the Spreadsheet::ParseExcel library, allowing remote code execution. The second vulnerability, CVE-2023-7024, is a heap buffer overflow issue in WebRTC in Google Chrome. Federal agencies have until January 23 …

Google Chrome now scans for compromised passwords in the background

December 25, 2023 at 01:35PM
Google has updated the Chrome Safety Check feature to automatically check for compromised passwords and alert desktop users about dangerous extensions. It will also revoke permissions for less-visited websites and identify and disable excessive notifications. Additionally, new features include saving tab groups and upgrading performance controls. Google also automatically upgrades …

Android malware Chameleon disables Fingerprint Unlock to steal PINs

December 21, 2023 at 09:33AM
The Chameleon Android banking trojan is back with new tricks, disabling biometrics to steal PINs on Android devices. This upgraded version evades detection by posing as Google Chrome through the Zombinder service. It now targets Android 13 and 14, bypassing security settings to gain accessibility permissions and disrupting biometric operations. …

Google Chrome emergency update fixes 5th zero-day exploited in 2023

November 28, 2023 at 04:30PM
Google has released an emergency security update to fix the fifth Chrome zero-day vulnerability of the year. The vulnerability, CVE-2023-6345, was being actively exploited in attacks. Google acknowledged the exploit and released patched versions for Windows, Mac, and Linux users. The company is restricting access to bug details until most …