A coordinated campaign of 16 malicious GPT optimisers has been caught hijacking ChatGPT accounts. These tools steal session tokens to access private chats, Slack, and Google Drive files.
Category: Chrome
Chrome, cyber attack, cyber crime, Global Security News, malware, Security
$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
Say hello to Stanley, a new malicious toolkit that guarantees bypassing Google’s Chrome Web Store review process.
Browser, Chrome, cyber attack, Global Security News, malware, Security
GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs
Researchers uncover a 5-year malware campaign using browser extensions on Chrome, Firefox and Edge, relying on hidden payloads and shared infrastructure.
Breaking News, Chrome, CISA, Exploits, Global Security News, hacking, Security
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-14174 Google Chromium Out-of-Bounds…
Breaking News, Chrome, Exploits, Global Security News, Google, hacking, Security
Google fixed a new actively exploited Chrome zero-day
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. “Google is aware that an exploit for 466192044 exists in the wild,” reads…
Chrome, Global Security News, malware, Scams and Fraud, Security
ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings
ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings.
AI, Chrome, Data Breaches, Global Security News, privacy
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team Chrome has been advancing the web’s security for well over 15 years, and we’re committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini…
AI, Chrome, Data Breaches, Global Security News, privacy
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team Chrome has been advancing the web’s security for well over 15 years, and we’re committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini…
Browser, Chrome, Global Security News, Security
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now.
Breaking News, Chrome, cyber crime, Global Security News, malware
Chrome extension “Safery” steals Ethereum wallet seed phrases
Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web…
Breaking News, Chrome, Exploits, Global Security News, Google, Security
Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid
Google released Chrome 142, fixing 20 flaws, including two high-severity V8 bugs, and awarded $100,000 in bug bounties. Google addressed 20 flaws in Chrome version 142, including high-severity bugs that impact the V8 engine. The IT giant awarded $100,000 in bounties for two issues in the V8 JavaScript engine. The two vulnerabilities are tracked as…
Breaking News, Chrome, Exploits, Global Security News, hacking, Security
Brush exploit can cause any Chromium browser to collapse in 15-60 seconds
“Brash” flaw in Chromium’s Blink engine lets attackers crash browsers instantly via a single malicious URL, researcher Jose Pino revealed. Security researcher Jose Pino found a severe vulnerability, named Brash, in Chromium’s Blink rendering engine that can be exploited to crash many Chromium-based browsers within a few seconds. “Brash is a critical vulnerability in Blink, the rendering engine that…
Breaking News, Chrome, Exploits, Global Security News, Google, hacking, Security
Google fixes critical Chrome flaw, researcher earns $43K
Google addressed a critical use-after-free vulnerability in its Chrome browser that could potentially lead to code execution. A researcher earned $43000 from Google for reporting a critical Chrome vulnerability, tracked as CVE-2025-10200, in the Serviceworker component. A use-after-free (UAF) occurs when a program accesses memory after it has been freed. This can cause crashes, data…
Browser, Chrome, cyber attack, Global Security News, malware, Security
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…
Breaking News, Chrome, Exploits, Global Security News, Google, hacking, Security
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément…
Breaking News, Chrome, CISA, Exploits, Global Security News, hacking, Security
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is…
Breaking News, Chrome, Exploits, Global Security News, hacking, information security news, IT Information Security
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the wild. “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker…
Chrome, Global Security News, leaks, privacy, Security
Popular Chrome Extensions Found Leaking Data via Unencrypted Connections
Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users.
Breaking News, Chrome, Exploits, Global Security News, hacking, Security
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
Breaking News, Chrome, Exploits, Global Security News, hacking, Security
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
Breaking News, Chrome, Exploits, Global Security News, hacking, Security
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
Breaking News, Chrome, Exploits, Global Security News, hacking, Security
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript…
AI, Chrome, Compliance, Global Security News, Network Security, Risk Management
Sustaining Digital Certificate Security – Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that…
AI, Chrome, Compliance, Global Security News, Network Security, Risk Management
Sustaining Digital Certificate Security – Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that…
AI, Android, Apps, Chrome, Global Security News, Google
Google rolls out new AI and accessibility features to Android and Chrome
Google announced on Thursday that it’s rolling out new AI and accessibility features to Android and Chrome. Most notably, TalkBack, Android’s screen reader, now lets you ask Gemini about what’s in images and what’s on your screen. Last year, Google brought Gemini’s capabilities to TalkBack to give people who are blind or have low vision…
AI, Apps, Chrome, Global Security News, Google
Google rolls out AI tools to protect Chrome users against scams
Google announced on Thursday that it’s rolling out new AI-powered defenses to help combat scams on Chrome. The tech giant is going to start using Gemini Nano, its on-device large language model (LLM), on desktop to protect users against online scams. It’s also launching new AI-powered warnings for Chrome on Android to help users be…
Chrome, Cybersecurity, Global Security News, Security
Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
Kaspersky attributed the hacks to an espionage campaign targeting journalists and employees at educational institutions.
Chrome, Cloud Security, Global Security News, passwords, Security
How to Remove Your Saved Passwords in Chrome
Given Chrome’s frequent security issues, you shouldn’t be saving your passwords to Google’s browser. Learn how to delete and prevent passwords from re-syncing in Chrome.
Apple, Automattic, Chrome, Cybersecurity, Global IT News, Global Security News, macOS, malware, Security, Windows, wordpress
Hackers are hijacking WordPress sites to push Windows and Mac malware
A cybersecurity company says hackers are pushing Mac and Windows malware through sites that are using outdated versions of WordPress. © 2024 TechCrunch. All rights reserved. For personal use only.