Google fixes another Chrome zero-day exploited in the wild
For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have …
December 2019 Patch Tuesday: Microsoft fixes one actively exploited zero-day
For December 2019 Patch Tuesday, Microsoft and Adobe have released the final scheduled security updates for this year, Intel has fixed Plundervolt, and Google has delivered …
VisibleV8: Stealthy open source tool for monitoring JavaScript in the wild
An open source tool that allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs has been developed at North …
Google adds Password Checkup feature to Google Accounts, Chrome
The popularity of Google’s Password Checkup Chrome extension has spurred the company to build the technology into Google Account’s Password Manager and the Chrome …
Google increases bounties for Chrome, Google Play bugs
Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes …
Google launches Chrome extension for reporting suspicious sites
Google has announced two new features aimed at protecting users from deceptive and malicious websites: A new type of warning that will direct users away from sites that have …
Evernote Chrome extension flaw could have allowed access to personal info
Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal …
Chrome extension devs must drop deceptive installation tactics
After announcing its intention to limit third-party developers’ access to Chrome’s webRequest API, which is used by many ad-blocking extensions to filter out …
April Patch Tuesday Forecast: Be aware of end-of-service issues and browser exploits
April Patch Tuesday is nearly here with two significant topics of concern. The first relates to end-of-service milestones and the second issue is browser exploits. Let’s start …
2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise
Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically. In fact, they were the second-most common network attack, according …
Zero-day Chrome/Windows combo actively exploited in the wild
We now know why a number of Googlers made a point to urge users to implement the latest Chrome update as soon as possible: the vulnerability (CVE-2019-5786) is definitely …
Google plugs Chrome zero-day exploited in the wild
If you’re using Google’s Chrome browser and have not yet upgraded to the latest available version, do so now or risk being hit by attackers. About CVE-2019-5786 …