October 16, 2024 at 07:27AM Google launched Chrome 130 to address 17 vulnerabilities, with 13 identified by external researchers. The update highlights the importance of cybersecurity, as Google also awarded $36,000 for a severe vulnerability discovered in the browser. **Meeting Takeaways:** 1. **Chrome Update:** Google has released Chrome version 130 in the stable channel. 2. … Read more
September 26, 2024 at 05:19PM The number of memory-related vulnerabilities in Android has significantly decreased over the past five years, attributed to Google’s use of memory-safe languages like Rust. Memory safety issues now only account for 24% of all Android vulnerabilities, down from 76% in 2019. This shift has been credited to Google’s secure-by-design approach … Read more
September 9, 2024 at 03:57PM Google is promoting the deployment of Rust in existing low-level firmware codebases to combat memory-related security vulnerabilities. The company aims to demonstrate the viability of using Rust for firmware, highlighting its efficiency in guaranteeing memory safety and reducing vulnerabilities in existing code. This migration has led to a decrease in … Read more
September 4, 2024 at 11:22AM Google has issued the September 2024 Android security updates, addressing 34 vulnerabilities. Notably, CVE-2024-32896, a previously patched elevation of privilege flaw on Pixel devices, has been actively exploited. Based on the meeting notes, it appears that Google has released the September 2024 Android security updates to address 34 vulnerabilities. One … Read more
September 4, 2024 at 10:12AM Google has released its monthly security updates for the Android operating system to address a high-severity vulnerability (CVE-2024-32896) related to privilege escalation in the Android Framework component. The vulnerability has been actively exploited and impacts the entire Android ecosystem. Users are advised to update their devices to protect against potential … Read more
August 6, 2024 at 02:32PM Google released 46 fixes for Android in its August security patch batch, addressing a high-severity Linux kernel flaw (CVE-2024-36971) with potential for remote code execution. The bug may already be exploited by spyware, highlighting the urgency of updating Android devices. Other high-severity vulnerabilities include a Qualcomm component flaw and 11 … Read more
July 25, 2024 at 01:57AM Google is enhancing security in Chrome by adding new warnings for potentially dangerous file downloads. The new warnings convey more detailed information and offer a two-tier warning system based on Google Safe Browsing verdicts. Enhanced Protection mode allows for automatic deep scans without user prompts, while maintaining user privacy by … Read more
July 10, 2024 at 06:39AM Google has introduced passkeys for high-risk users enrolling in the Advanced Protection Program, offering strong account security. Passkeys are tied to specific devices and provide a more secure alternative to traditional passwords, using biometric sensors or PINs. High-risk users can enroll using passkeys, ensuring protection against unauthorized access and phishing … Read more
July 2, 2024 at 02:11PM Google has initiated the kvmCTF, a new VRP to enhance the security of the KVM hypervisor. Offering $250,000 for full VM escape exploits, the program targets zero-day vulnerabilities through a controlled lab environment. Researchers will use exploits to capture flags, earning rewards based on the severity of the attack. Rules … Read more
June 13, 2024 at 04:00AM Google has warned of a zero-day security flaw, CVE-2024-32896, in Pixel Firmware, being exploited in targeted attacks. The June 2024 security update addresses a total of 50 vulnerabilities, including denial-of-service issues and information disclosure flaws in Qualcomm chipsets. Updates are available for supported Pixel devices. Previous security flaws have also … Read more