Tag: Google Chrome

New ARM ‘TIKTAG’ attack impacts Google Chrome,Linux systems
News

New ARM ‘TIKTAG’ attack impacts Google Chrome,Linux systems

With almost a 95% likelihood of success, a novel speculative execution attack called "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data, enabling hackers to get around the security measure. The attack on Google Chrome and the Linux kernel is demonstrated in the paper, which is co-signed by a group of Korean academics from Samsung, Seoul National University, and the Georgia Institute of Technology. MTE is a feature intended to identify and stop memory corruption that was added to the ARM v8.5-A architecture (and later). By making sure that the tag in the pointer matches the accessible memory region, the system employs low-overhead tagging, which assigns 4-bit tags to 16-byte memory chunks, to defend against memory corruption attacks read more New ARM 'TIKTAG' attac...
Google Chrome Adds V8 Sandbox A New Defense Against Browser Attacks
News

Google Chrome Adds V8 Sandbox A New Defense Against Browser Attacks

To address memory corruption issues, Google has announced support for the so-called V8 Sandbox in the Chrome web browser. Samuel Groß, the technical lead for V8 Security, states that the sandbox is intended to stop "memory corruption in V8 from spreading within the host process." V8 Sandbox is a lightweight, in-process sandbox for the JavaScript and WebAssembly engine that is intended to minimize common V8 vulnerabilities, according to the search giant. By limiting the code executed by V8 to a portion of the process' virtual address space (referred to as "the sandbox") and isolating it from the remainder of the process, the impact of V8 vulnerabilities is intended to be mitigated read more Google Chrome Adds V8 Sandbox A New Defense Against Browser Attacks. Get up to date on t...
Google Chrome gets real time phishing protection later this month
News

Google Chrome gets real time phishing protection later this month

Later this month, Google will release a Safe online upgrade that will safeguard all Chrome users from malware and phishing in real-time without jeopardizing their privacy when online. In order to protect consumers from online phishing scams, the business introduced Safe Browsing in 2005. Since then, it has been enhanced to prevent bad domains that distribute malware, unwanted software, and different social engineering techniques. For individuals who prefer quick and proactive security enabled by deeper scans of downloaded files, there is also an opt-in Safe Browsing Enhanced security option that use AI to stop threats read more Google Chrome gets real time phishing protection later this month. Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecu...
Zero-Day Alert Update Chrome Now to Fix New Actively Exploited Vulnerability
News

Zero-Day Alert Update Chrome Now to Fix New Actively Exploited Vulnerability

Updates for Google's Chrome browser, which addresses four security flaws including an active zero-day vulnerability, were made available on Tuesday. Threat actors may be able to use the problem, which is tracked as CVE-2024-0519, to cause a crash by taking advantage of an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. According to MITRE's Common Weakness Enumeration (CWE), an attacker may be able to obtain secret values, such as memory addresses, by reading out-of-bounds memory. These values can then be used to get around security measures like ASLR and increase the likelihood of successfully exploiting a different danger to achieve code execution read more Zero-Day Alert Update Chrome Now to Fix New Actively Exploited Vulnerability. Get up to date o...
New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP
News

New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

Google has released security patches for the Chrome browser to fix a zero-day vulnerability of high severity that it claims has been used in the wild. The WebRTC framework contains a heap-based buffer overflow vulnerability that has been given the CVE identification CVE-2023-7024. It has been described as a vulnerability that might be exploited to cause software crashes or arbitrary code execution. On December 19, 2023, Clément Lecigne and Vlad Stolyarov from Google's Threat Analysis Group (TAG) are credited with finding and disclosing the vulnerability. To stop additional misuse, Google has disclosed no other information regarding the security flaw read more New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP. Get up to date on the latest cybersecurity news ...
Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies
News

Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies

As part of its efforts to phase out third-party cookies in the web browser, Google on Thursday announced that it will begin testing a new feature called "Tracking Protection" to 1% of Chrome users starting on January 4, 2024. According to Anthony Chavez, vice president of Google's Privacy Sandbox, the setting is intended to prevent "cross-site tracking by restricting website access to third-party cookies by default." The tech giant announced that users who are chosen at random to participate in Tracking Protection will receive notification when they open Chrome on an Android device or desktop. The intention is to limit third-party cookies (also known as "non-essential cookies") by default, so that they can't be used to track users across websites read more Google's New Tracking P...
Google Chrome emergency update fixes 6th zero-day exploited in 2023
News

Google Chrome emergency update fixes 6th zero-day exploited in 2023

In order to combat ongoing attacks, Google has released an emergency security update today that addresses the sixth Chrome zero-day vulnerability of the year. In a new security advisory released today, the company acknowledged the existence of an exploit for the security flaw (tracked as CVE-2023-6345).Google said, "We are aware that there is a live exploit for CVE-2023-6345. Patched versions of the software are now being distributed worldwide to Windows users (119.0.6045.199/.200) and Mac and Linux users (119.0.6045.199), addressing the vulnerability in the Stable Desktop channel. As of earlier today, when BleepingComputer checked for updates, the security update was instantly available, despite the advisory stating read more Google Chrome emergency update fixes 6th zero-day ex...
Google rolls out Privacy Sandbox to use Chrome browsing history for ads
News

Google rolls out Privacy Sandbox to use Chrome browsing history for ads

The Privacy Sandbox, a new interest-based advertising platform from Google, has begun to roll out, moving user interest tracking from third-party cookies to the Chrome browser. Users will now notice an alert labeled "Enhanced ad privacy in Chrome" while opening the Google Chrome browser, which briefly introduces the new ad platform. The new Chrome alert states, "We're launching new privacy features that give you more control over the ads you see."Chrome makes topical notes based on your most recent browsing activity. Additionally, the websites you frequent can tell what you enjoy. Later, websites may ask you for this data so they can display you tailored advertisements read more Google rolls out Privacy Sandbox to use Chrome browsing history for ads. Stay informed with the be...
Google Chrome’s New Feature Alerts Users About Auto Removal of Malicious Extensions
News

Google Chrome’s New Feature Alerts Users About Auto Removal of Malicious Extensions

In the forthcoming release of its Chrome web browser, Google has revealed plans to include a new feature that will notify users when an extension they have installed has been taken down from the Chrome Web Store. Users can receive notifications when an add-on has been delisted by a developer, taken down due to a violation of Chrome Web Store guidelines, or identified as malicious software thanks to the functionality, which will debut alongside Chrome 117. The tech behemoth announced that it would highlight such extensions under a "Safety check" section in the browser settings page's "Privacy and security" subsection read more Google Chrome's New Feature Alerts Users About Auto Removal of Malicious Extensions. Stay informed with the best cybersecurity news and raise your cybersecu...
Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts
News

Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts

Security researchers have issued another alert regarding a security problem that is spreading thanks to public interest in ChatGPT and is posing as a Chrome extension this time. Using a legal open source "ChatGPT for Google" extension as a base, threat actors allegedly injected malicious code intended to harvest Facebook session cookies, according to a blog post by Guardio. Malicious sponsored search engine results then led users to the extension.To test the new algorithm, you search for "Chat GPT 4," a...