Google: Malware abusing API is standard token theft, not an API issue

January 6, 2024 at 11:46AM Malware is exploiting an undocumented Google Chrome API to generate new authentication cookies from stolen ones. Multiple malware operations are using this technique to gain access to users’ Google accounts through the API, and Google has downplayed the severity of the issue. The company urges affected users to take precautionary …

Google Patches Six Vulnerabilities With First Chrome Update of 2024

January 4, 2024 at 10:13AM Google announced the first Chrome security update of 2024, resolving six vulnerabilities, including high-severity memory safety flaws reported by external researchers. Bug bounty rewards were handed out for some of the reported flaws. The update strengthens Chrome’s defenses against exploitation and is available for macOS, Linux, and Windows. No current …

Google password resets not enough to stop these info-stealing malware strains

January 2, 2024 at 03:06PM Info-stealing malware can still access compromised Google accounts even after passwords are changed, due to a zero-day exploit first mentioned by the cybercriminal “PRISMA.” The exploit involves regenerating session tokens to access emails and cloud storage. CloudSEK identified the exploit in the undocumented Google OAuth endpoint “MultiLogin.” The discovery reveals …

Google Rushes to Patch Eighth Chrome Zero-Day This Year

December 21, 2023 at 05:51AM Google released emergency patches for the eighth zero-day vulnerability in Chrome this year. Tracked as CVE-2023-7024, it is a high-severity heap buffer overflow bug in the WebRTC component. The exploit is actively used and was reported by Google’s Threat Analysis Group. The latest Chrome version is 120.0.6099.129 for macOS and …

Google fixes 8th Chrome zero-day exploited in attacks this year

December 20, 2023 at 04:44PM Google has released emergency updates to address the eighth Chrome zero-day vulnerability of the year, CVE-2023-7024, which was exploited in targeted attacks. The bug, discovered by Google’s Threat Analysis Group, affects the open-source WebRTC framework and poses a high-severity risk due to a heap buffer overflow weakness. Google aims to …

Establishing Reward Criteria for Reporting Bugs in AI Products

December 15, 2023 at 06:16PM Google has expanded its Bug Hunters program to include third-party discovery and reporting of issues and vulnerabilities specific to its AI systems. The program includes rewards for various attacks, model manipulations, adversarial perturbations, and model theft/exfiltration. Rewards are based on severity and target affected. To report a qualifying issue, visit …