Google bakes new cookie strategy that will leave crooks with a bad taste

April 3, 2024 at 08:11AM Google is addressing cookie theft by developing Device Bound Session Credentials (DBSC) to tie authentication data to a specific device, making stolen cookies useless. DBSC creates public/private key pairs and associates sessions with the public key, preventing correlation between keys from different sessions to protect privacy. Google expects to support … Read more

Google Patches Exploited Pixel Vulnerabilities

April 3, 2024 at 06:24AM Google released patches for 28 Android vulnerabilities and 25 Pixel device bugs, including two actively exploited issues (CVE-2024-29745 and CVE-2024-29748). Notable among the flaws is CVE-2024-23704, a high-severity vulnerability in the System component. The update also addressed security issues in Qualcomm and MediaTek components and resolved bugs in Android Automotive … Read more

New Chrome feature aims to stop hackers from using stolen cookies

April 2, 2024 at 02:13PM Google has unveiled a new Chrome security feature called Device Bound Session Credentials (DBSC), which cryptographically binds authentication cookies to a specific device, preventing hackers from stealing them for account hijacking. This enhanced security measure effectively thwarts cookie theft malware and is expected to be supported by half of Chrome … Read more

Google gooses Safe Browsing with real-time protection that doesn’t leak to ad giant

March 14, 2024 at 02:06PM Google has upgraded Safe Browsing in Chrome for desktop, iOS, and soon Android, providing real-time protection against risky websites without sharing browsing history with Google. The enhanced service uses real-time URL lookups and machine learning, while the Standard version now supports privacy-preserving real-time data lookup. It employs a technical enhancement … Read more

Google Chrome gets real-time phishing protection later this month

March 14, 2024 at 12:45PM Google is set to update Safe Browsing in Chrome to provide real-time malware and phishing protection without compromising privacy. The enhanced protection mode will use AI for deeper scans, while the new privacy server and Fastly Oblivious HTTP relays will obscure users’ URLs and IP addresses for added privacy. Based … Read more

Poking holes in Google tech bagged bug hunters $10M

March 13, 2024 at 02:10PM Google awarded $10 million to 632 bug hunters in 2023, slightly less than the previous year. The company introduced new reward categories and a Bonus Awards program. High-paying categories included Android VRP, and Wear OS was added to the bounty program. However, the effectiveness of bug bounties in making software … Read more

Google Paid Out $10 Million via Bug Bounty Programs in 2023

March 12, 2024 at 02:04PM Google announced a $10 million payout in 2023 for its bug bounty programs, totaling $59 million since 2010. 632 researchers from 68 countries earned rewards, with the highest single payout at $113,337. $3.4 million was awarded for Android vulnerabilities, with increased maximum rewards. Google’s bug bounty payouts are comparable to … Read more

Google paid $10 million in bug bounty rewards last year

March 12, 2024 at 12:52PM Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and reporting security flaws in its products, a decrease from 2022’s $12 million. The highest reward for a vulnerability report was $113,337, totaling $59 million since 2010. Increased rewards were given for Android and Chrome vulnerabilities. … Read more

New Google Chrome feature blocks attacks against home networks

February 17, 2024 at 10:56AM Google is testing a new feature to prevent malicious websites from attacking devices and services on a user’s internal, private networks through their browser. The proposed “Private Network Access protections” in Chrome 123 will conduct checks before directing a browser to visit sites within the user’s private network, aiming to … Read more

Google Warns of Chrome Browser Zero-Day Being Exploited

January 16, 2024 at 04:24PM Google has released an urgent Chrome browser update to address three high-severity security flaws, warning that one is currently being exploited in the wild. The exploited zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the V8 JavaScript engine. The update also covers two additional high-risk memory safety issues. This … Read more