Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency

A Windows malware designed to steal cryptocurrency and clipboard contents installs a malicious VenomSoftX Chrome extension on users’ machines. The extension works like a RAT (Remote Access Trojan), stealing victims’ data and cryptocurrencies. Let me remind you that we also said that Malicious Ledger Live extension for Chrome steals Ledger wallet data, and also that… Continue reading Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency

“This Site Can’t Provide a Secure Connection”: How to Fix

Do you use Google Chrome to browse the web and get "This Site Can't Provide a Secure Connection" error? In most cases, this is an easy fix.

Every active Internet user has encountered error messages at least once, especially security-related ones. For example, the “This site can’t provide a secure connection” notification can be alarming. However, more often than not, this problem is related to a problem with your web browser and is relatively easy to fix. In this article, we’ll look… Continue reading “This Site Can’t Provide a Secure Connection”: How to Fix

Chrome 0-day Vulnerability Used to Attack Candiru Malware

Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East. The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month. Let me remind you that we also wrote… Continue reading Chrome 0-day Vulnerability Used to Attack Candiru Malware

SpookJS Attack Allows to Bypass Site Isolation In Google Chrome

A group of scientists from universities in Australia, Israel and the United States have presented a side-channel attack that allows recovering data from Google Chrome and Chromium-based browsers protected by the Site Isolation function. The attack is dubbed Spook.js (or SpookJS), which is a direct reference to the Meltdown and Specter processor vulnerabilities discovered in… Continue reading SpookJS Attack Allows to Bypass Site Isolation In Google Chrome

Google fixed another major vulnerability in the V8 engine

A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser. The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher… Continue reading Google fixed another major vulnerability in the V8 engine

Heavy ad blocker started working in the Google Chrome

Earlier this year, Google Chrome developers announced about adding of a so-called heavy ad blocker. This is a mechanism that will detect and unload advertisements that consume too many system resources (creating unnecessary load on the processor, network bandwidth, and so on). Then Google engineers wrote that “heavy” advertising can significantly reduce the battery life… Continue reading Heavy ad blocker started working in the Google Chrome

Google Chrome fixed second 0-day vulnerability in two weeks

Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixed 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome, which hackers are already actively using. The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team… Continue reading Google Chrome fixed second 0-day vulnerability in two weeks

Google engineers fixed Chrome 0-day vulnerability that was already under attacks

Google engineers have released an updated version of Google Chrome (86.0.4240.111) and warn that they have fixed in browser 0-day vulnerability that has been already under active attacks. The error was discovered internally by Google Project Zero. It is identified as CVE-2020-15999 and is associated with the FreeType font rendering library included with standard Chrome… Continue reading Google engineers fixed Chrome 0-day vulnerability that was already under attacks

295 Chrome extensions injected ads in search results

AdGuard analysts have identified 295 malicious extensions in the Chrome Web Store that have been installed over 80,000,000 times. These Chrome browser extensions injected ads into Google and Bing search results. Most of the dangerous extensions masked themselves as ad blockers and were easily found by queries such as adblock, adguard, ublock, ad blocker, and… Continue reading 295 Chrome extensions injected ads in search results

Experts discovered Chrome largest spyware installation campaign

Specialists from the company Awake Security reported about currently perhaps the largest spyware campaign for installing spyware in Google Chrome. As part of the campaign, criminals registered thousands of domains and used extensions in Chrome to install malware on victims’ devices. Users installed spyware through 32,962,951 downloads of various malicious extensions. “The Awake Security Threat… Continue reading Experts discovered Chrome largest spyware installation campaign