In the most recent release notes, Google reports about a new 0-day vulnerability that is already exploited in the wild. The update fixes the issue, but the very fact of it being exploited means it should be implemented as soon as possible. It appears to be the first 0-day exploit in Chrome browser in 2024.… Continue reading New Google Chrome 0-day Vulnerability Exploited, Update Now
Tag: Google Chrome
OAuth2 Session Hijack Vulnerability: Details Uncovered
A sophisticated exploit targeting Google’s OAuth2 authentication system was uncovered by Prisma threat actor. This exploit leverages undocumented functionalities within Google’s MultiLogin endpoint, enabling attackers to generate and maintain persistent Google cookies even after a password reset. OAuth2 Vulnerability Allows for Persistent Session Hijacking The attackers found a way to use specific components within the… Continue reading OAuth2 Session Hijack Vulnerability: Details Uncovered
Google Fixes Critical Vulnerability in Chrome, Exploited in the Wild
Google released an urgent security update for its Chrome browser. The patch contains the fix for CVE-2023-4863, a heap buffer overflow vulnerability that can simply be exploited. Actually, Google states that this vulnerability has already been used in the wild. The breach affects browser builds for all supported OS – Mac, Linux and Windows. Google… Continue reading Google Fixes Critical Vulnerability in Chrome, Exploited in the Wild
Predasus Malware Attacks Latin America Through Browser Plugins
Latin America has been hit by cyberattacks using malicious Google Chrome extensions. Attackers targeted financial institutions, booking sites, and instant messaging. Malware used in this attacks was dubbed Predasus. Predasus Malware Targets Chromium-based Browsers in Latin America Threat analysts have discovered a new malware called “Predasus”. Attackers use this malware to insert harmful code through… Continue reading Predasus Malware Attacks Latin America Through Browser Plugins
Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency
A Windows malware designed to steal cryptocurrency and clipboard contents installs a malicious VenomSoftX Chrome extension on users’ machines. The extension works like a RAT (Remote Access Trojan), stealing victims’ data and cryptocurrencies. Let me remind you that we also said that Malicious Ledger Live extension for Chrome steals Ledger wallet data, and also that… Continue reading Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency
“This Site Can’t Provide a Secure Connection”: How to Fix
Every active Internet user has encountered error messages at least once, especially security-related ones. For example, the “This site can’t provide a secure connection” notification can be alarming. However, more often than not, this problem is related to a problem with your web browser and is relatively easy to fix. In this article, we’ll look… Continue reading “This Site Can’t Provide a Secure Connection”: How to Fix
Chrome 0-day Vulnerability Used to Attack Candiru Malware
Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East. The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month. Let me remind you that we also wrote… Continue reading Chrome 0-day Vulnerability Used to Attack Candiru Malware
SpookJS Attack Allows to Bypass Site Isolation In Google Chrome
A group of scientists from universities in Australia, Israel and the United States have presented a side-channel attack that allows recovering data from Google Chrome and Chromium-based browsers protected by the Site Isolation function. The attack is dubbed Spook.js (or SpookJS), which is a direct reference to the Meltdown and Specter processor vulnerabilities discovered in… Continue reading SpookJS Attack Allows to Bypass Site Isolation In Google Chrome
Google fixed another major vulnerability in the V8 engine
A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser. The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher… Continue reading Google fixed another major vulnerability in the V8 engine
Heavy ad blocker started working in the Google Chrome
Earlier this year, Google Chrome developers announced about adding of a so-called heavy ad blocker. This is a mechanism that will detect and unload advertisements that consume too many system resources (creating unnecessary load on the processor, network bandwidth, and so on). Then Google engineers wrote that “heavy” advertising can significantly reduce the battery life… Continue reading Heavy ad blocker started working in the Google Chrome