Google Fixes Critical Vulnerability in Chrome, Exploited in the Wild

Using specifically crafted WebP images, hackers can initiate CVE-2023-4863 vulnerability exploitation

Google released an urgent security update for its Chrome browser. The patch contains the fix for CVE-2023-4863, a heap buffer overflow vulnerability that can simply be exploited. Actually, Google states that this vulnerability has already been used in the wild. The breach affects browser builds for all supported OS – Mac, Linux and Windows. Google… Continue reading Google Fixes Critical Vulnerability in Chrome, Exploited in the Wild

Predasus Malware Attacks Latin America Through Browser Plugins

Using browser extensions, attackers can access a user's online financial transactions.

Latin America has been hit by cyberattacks using malicious Google Chrome extensions. Attackers targeted financial institutions, booking sites, and instant messaging. Malware used in this attacks was dubbed Predasus. Predasus Malware Targets Chromium-based Browsers in Latin America Threat analysts have discovered a new malware called “Predasus”. Attackers use this malware to insert harmful code through… Continue reading Predasus Malware Attacks Latin America Through Browser Plugins

Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency

A Windows malware designed to steal cryptocurrency and clipboard contents installs a malicious VenomSoftX Chrome extension on users’ machines. The extension works like a RAT (Remote Access Trojan), stealing victims’ data and cryptocurrencies. Let me remind you that we also said that Malicious Ledger Live extension for Chrome steals Ledger wallet data, and also that… Continue reading Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency

“This Site Can’t Provide a Secure Connection”: How to Fix

Do you use Google Chrome to browse the web and get "This Site Can't Provide a Secure Connection" error? In most cases, this is an easy fix.

Every active Internet user has encountered error messages at least once, especially security-related ones. For example, the “This site can’t provide a secure connection” notification can be alarming. However, more often than not, this problem is related to a problem with your web browser and is relatively easy to fix. In this article, we’ll look… Continue reading “This Site Can’t Provide a Secure Connection”: How to Fix

Chrome 0-day Vulnerability Used to Attack Candiru Malware

Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East. The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month. Let me remind you that we also wrote… Continue reading Chrome 0-day Vulnerability Used to Attack Candiru Malware

SpookJS Attack Allows to Bypass Site Isolation In Google Chrome

A group of scientists from universities in Australia, Israel and the United States have presented a side-channel attack that allows recovering data from Google Chrome and Chromium-based browsers protected by the Site Isolation function. The attack is dubbed Spook.js (or SpookJS), which is a direct reference to the Meltdown and Specter processor vulnerabilities discovered in… Continue reading SpookJS Attack Allows to Bypass Site Isolation In Google Chrome

Google fixed another major vulnerability in the V8 engine

A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser. The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher… Continue reading Google fixed another major vulnerability in the V8 engine

Heavy ad blocker started working in the Google Chrome

Earlier this year, Google Chrome developers announced about adding of a so-called heavy ad blocker. This is a mechanism that will detect and unload advertisements that consume too many system resources (creating unnecessary load on the processor, network bandwidth, and so on). Then Google engineers wrote that “heavy” advertising can significantly reduce the battery life… Continue reading Heavy ad blocker started working in the Google Chrome

Google Chrome fixed second 0-day vulnerability in two weeks

Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixed 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome, which hackers are already actively using. The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team… Continue reading Google Chrome fixed second 0-day vulnerability in two weeks

Google engineers fixed Chrome 0-day vulnerability that was already under attacks

Google engineers have released an updated version of Google Chrome (86.0.4240.111) and warn that they have fixed in browser 0-day vulnerability that has been already under active attacks. The error was discovered internally by Google Project Zero. It is identified as CVE-2020-15999 and is associated with the FreeType font rendering library included with standard Chrome… Continue reading Google engineers fixed Chrome 0-day vulnerability that was already under attacks