Chrome 0-day Vulnerability Used to Attack Candiru Malware

Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East. The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month. Let me remind you that we also wrote… Continue reading Chrome 0-day Vulnerability Used to Attack Candiru Malware

SpookJS Attack Allows to Bypass Site Isolation In Google Chrome

A group of scientists from universities in Australia, Israel and the United States have presented a side-channel attack that allows recovering data from Google Chrome and Chromium-based browsers protected by the Site Isolation function. The attack is dubbed Spook.js (or SpookJS), which is a direct reference to the Meltdown and Specter processor vulnerabilities discovered in… Continue reading SpookJS Attack Allows to Bypass Site Isolation In Google Chrome

Google fixed another major vulnerability in the V8 engine

A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser. The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher… Continue reading Google fixed another major vulnerability in the V8 engine

Heavy ad blocker started working in the Google Chrome

Earlier this year, Google Chrome developers announced about adding of a so-called heavy ad blocker. This is a mechanism that will detect and unload advertisements that consume too many system resources (creating unnecessary load on the processor, network bandwidth, and so on). Then Google engineers wrote that “heavy” advertising can significantly reduce the battery life… Continue reading Heavy ad blocker started working in the Google Chrome

Google Chrome fixed second 0-day vulnerability in two weeks

Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixed 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome, which hackers are already actively using. The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team… Continue reading Google Chrome fixed second 0-day vulnerability in two weeks

Google engineers fixed Chrome 0-day vulnerability that was already under attacks

Google engineers have released an updated version of Google Chrome (86.0.4240.111) and warn that they have fixed in browser 0-day vulnerability that has been already under active attacks. The error was discovered internally by Google Project Zero. It is identified as CVE-2020-15999 and is associated with the FreeType font rendering library included with standard Chrome… Continue reading Google engineers fixed Chrome 0-day vulnerability that was already under attacks

295 Chrome extensions injected ads in search results

AdGuard analysts have identified 295 malicious extensions in the Chrome Web Store that have been installed over 80,000,000 times. These Chrome browser extensions injected ads into Google and Bing search results. Most of the dangerous extensions masked themselves as ad blockers and were easily found by queries such as adblock, adguard, ublock, ad blocker, and… Continue reading 295 Chrome extensions injected ads in search results

Experts discovered Chrome largest spyware installation campaign

Specialists from the company Awake Security reported about currently perhaps the largest spyware campaign for installing spyware in Google Chrome. As part of the campaign, criminals registered thousands of domains and used extensions in Chrome to install malware on victims’ devices. Users installed spyware through 32,962,951 downloads of various malicious extensions. “The Awake Security Threat… Continue reading Experts discovered Chrome largest spyware installation campaign

Mandrake malware was hiding on Google Play for more than four years

Bitdefender experts found Mandrake spyware in the official Android app store, hiding on Google Play for four years (since 2016). The malware established full control over infected devices, collected credentials, GPS from infected devices, made screen recordings, and so on. At the same time, the malware carefully avoided infections in countries such as Ukraine, Belarus,… Continue reading Mandrake malware was hiding on Google Play for more than four years

Due to the pandemic Google developers re-enabled FTP support for Chrome

Most recently, I wrote that Firefox developers plan to remove from their browser support for the FTP protocol, as consider it to be unsafe. At the same time, Google re-enabled FTP support for Chrome. Google developers have been talking about abandoning FTP since 2014, since very few browser users (0.1-0.2%) use the protocol. In 2018,… Continue reading Due to the pandemic Google developers re-enabled FTP support for Chrome