#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Google Chrome | Breaking Cybersecurity News | The Hacker News

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability
Jan 17, 2024 Browser Security / Vulnerability
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519 , concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," according to MITRE's Common Weakness Enumeration ( CWE ). Additional details about the nature of the attacks and the threat actors that may be exploiting it have been withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024. "Out-of-bounds memory access in V8 in Google Chrome prior to 120.

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Nov 29, 2023 Zero-Day / Web Browser
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as  CVE-2023-6345 , the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw on November 24, 2023. As is typically the case, the search giant  acknowledged  that "an exploit for CVE-2023-6345 exists in the wild," but stopped short of sharing additional information surrounding the nature of attacks and the threat actors that may be weaponizing it in real-world attacks. It's worth noting that Google released patches for a similar integer overflow flaw in the same component ( CVE-2023-2136 ) in April 2023 that had also come under active exploitation as a zero-day, raising the possibility that CVE-202

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Sep 12, 2023 Browser Security / Zero Day
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as  CVE-2023-4863 , the issue has been described as a case of  heap buffer overflow  that resides in the  WebP image format  that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at the University of Toronto's Munk School have been credited with discovering and reporting the flaw on September 6, 2023. The tech giant has yet to disclose additional details about the nature of the attacks, but noted that it's "aware that an exploit for CVE-2023-4863 exists in the wild." With the latest fix, Google has addressed a total of four zero-day vulnerabilities in Chrome since the start of the year - CVE-2023-2033  (CVSS score: 8.8) - Type Confusion in V8 CVE-2023-2136  (CVSS score: 9.6) - Integer overflow in Skia CVE-2023-3079

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies
Sep 11, 2023 Privacy / Online Security
Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it  announced the plans . "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google,  said . "Without viable privacy-preserving alternatives to third-party cookies, such as the Privacy Sandbox, we risk reducing access to information for all users, and incentivizing invasive tactics such as fingerprinting." To that end, the search giant is initially leaving nearly three percent of users unaffected by the change in order to conduct sufficient tests. General availability is expected to encompass all users in the coming months. Privacy Sandbox is Google's  umbrella term  for a set of technologies that aim to eliminate third-party tracking cookies on the web and replace them

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk
Aug 10, 2023 Malware / Cyber Threat
A new information malware strain called  Statc Stealer  has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar  said  in a technical report published this week. "It can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. Additionally, it targets cryptocurrency wallets, credentials, passwords, and even data from messaging apps like Telegram." Written in C++, the malicious stealer finds its way into victim systems when potential victims are tricked into clicking on seemingly innocuous ads, with the stealer imitating an MP4 video file format on web browsers like Google Chrome. The first-stage payload, while dropping and executing a decoy PDF installer, also stealthily deploys a downloader

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Apr 22, 2023 Patch Management / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The  three vulnerabilities  are as follows - CVE-2023-28432  (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability  CVE-2023-27350  (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control Vulnerability CVE-2023-2136  (CVSS score - TBD) - Google Chrome Skia Integer Overflow Vulnerability "In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure," MinIO maintainers  said  in an advisory published on March 21, 2023. Data gathered by GreyNoise shows that as many as  18 unique malicious IP addresses  from the U.S., the Netherlands, France, Japan, and Finland have  attempted to exploit  the flaw over the past 30 days. The threat intelligence company, in an  alert  p

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Apr 15, 2023 Zero-Day / Browser Security
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as  CVE-2023-2033 , the high-severity vulnerability has been described as a  type confusion issue  in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023. "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,"  according  to the NIST's National Vulnerability Database (NVD). The tech giant  acknowledged  that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors. CVE-2023-2033 also appears to share similarities with  CVE-2022-1096

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk
Jan 12, 2023 Browser Security / Data Safety
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with  symlinks  when processing files and directories," Imperva researcher Ron Masas  said . "Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files." Google characterized the medium-severity issue (CVE-2022-3656) as a case of insufficient data validation in File System,  releasing   fixes  for it in versions 107 and 108 released in October and November 2022. Dubbed SymStealer, the vulnerability, at its core, relates to a type of weakness known as symbolic link (aka symlink) following, which  occurs  when an attacker abuses the feature to bypass the file system restrictions of a progra

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Dec 03, 2022 Threat Detection / Zero Day
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as  CVE-2022-4262 , concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution. According to the NIST's National Vulnerability Database, the flaw  permits  a "remote attacker to potentially exploit heap corruption via a crafted HTML page." Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse. CVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
Dec 01, 2022 Threat Detection / Zero Day
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens  said  in a write-up. Variston, which has a  bare-bones website , claims to "offer tailor made Information Security Solutions to our customers," "design custom security patches for any kind of proprietary system," and support the "the discovery of digital information by [law enforcement agencies]," among other services. The vulnerabilities, which have been patched by Google, Microsoft, and Mozilla in 2021 and early 2022, are believed to

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos
Nov 22, 2022
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX . Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an adversary-in-the-middle (AiTM) attack. ViperSoftX, which first  came to light  in February 2020, was characterized by  Fortinet  as a JavaScript-based remote access trojan and cryptocurrency stealer. The malware's use of a browser extension to advance its information-gathering goals was documented by Sophos threat analyst  Colin Cowie  earlier this year. "This multi-stage stealer exhibits interesting hiding capabilities, concealed as small PowerShell scripts on a single line in the middle of otherwise innocent-looking large log files, among others," Avast researcher Jan Rubín  said

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content
Sep 02, 2022
A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson. While the problem exists in Apple Safari and Mozilla Firefox as well, what makes the issue severe in Chrome is that the requirement for a user gesture to copy content to the clipboard is currently broken. User gestures include selecting a piece of text and pressing Control+C (or ⌘-C for macOS) or selecting "Copy" from the context menu. "Therefore, a gesture as innocent as clicking on a link or pressing the arrow key to scroll down the page gives the website permission to overwrite your system clipboard," Johnson  noted . The ability to substitute clipboard data poses se

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Aug 31, 2022
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole  said . "The latter borrows several phrases from another popular extension called GoFullPage." The browser add-ons in question – available via the Chrome Web Store and downloaded 1.4 million times – are as follows - Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) - 800,000 downloads Netflix Party (flijfnhifgdcbhglkneplegafminjnhn) - 300,000 downloads Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) - 200,000 downloads AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) - 20,000 downloads The extensions are designed to load a pi

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
Aug 17, 2022
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as  CVE-2022-2856 , the issue has been described as a case of insufficient validation of untrusted input in  Intents . Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022. As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. "Google is aware that an exploit for CVE-2022-2856 exists in the wild," it  acknowledged  in a terse statement. The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads. The development marks the fifth zero-day vulnerab

Malicious Browser Extensions Targeted Over a Million Users So Far This Year

Malicious Browser Extensions Targeted Over a Million Users So Far This Year
Aug 17, 2022
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company  said . As many as 1,311,557 users fall under this category in the first half of 2022, per Kaspersky's telemetry data. In comparison, the number of such users peaked in 2020 at 3,660,236, followed by 1,823,263 unique users in 2021. The most prevalent threat is a family of adware called WebSearch, which masquerade as PDF viewers and other utilities, and comes with capabilities to collect and analyze search queries and redirect users to affiliate links. WebSearch is also notable for modifying the browser's start page, which contains a search engine and a number of links to third-party sour

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists
Jul 22, 2022
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to  Candiru  (aka Saito Tech), which has a history of  leveraging previously unknown flaws  to deploy a Windows malware dubbed DevilsTongue , a modular implant with  Pegasus -like capabilities. Candiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were  added to the entity list  by the U.S. Commerce Department in November 2021 for engaging in "malicious cyber activities." "Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties," security researcher Jan Vojtěšek, who reported the discovery of the flaw,  said  in a write-up. "We believe the attacks were highly targeted."

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild
Jul 05, 2022
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as  CVE-2022-2294 , relates to a heap overflow flaw in the  WebRTC  component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the  heap area of the memory , leading to arbitrary code execution or a denial-of-service (DoS) condition. "Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code," MITRE  explains . "When the consequence is arbitrary code execution, this can often be used to subvert any other security service." Credited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Thre

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome
Jun 09, 2022
Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company  Proofpoint , which observed the component on June 6. The development comes amid a  spike  in  Emotet   activity  since it was resurrected late last year following a 10-month-long hiatus in the wake of a law enforcement operation that  took down its attack infrastructure  in January 2021. Emotet, attributed to a threat actor known as TA542 (aka Mummy Spider or Gold Crestwood), is an advanced, self-propagating and modular trojan that's delivered via email campaigns and is used as a distributor for other payloads such as ransomware. As of April 2022, Emotet is still the most popular malware with a global impac

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal
Apr 25, 2022
Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed antivirus engines. The flaw, now patched, made it possible to "execute commands remotely within [through] VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News. VirusTotal , part of Google's Chronicle security subsidiary, is a malware-scanning service that analyzes suspicious files and URLs and checks for viruses using more than 70 third-party antivirus products. The attack method involved uploading a DjVu file via the platform's web user interface that when passed to multiple third-party malware scanning engines could trigger an exploit for a high-severity remote code execution flaw in ExifTool , an op

'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
Mar 28, 2022
The operators of the  Purple Fox malware  have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers  said  in a report published on March 25, 2022. "The installers are actively distributed online to trick users and increase the overall botnet infrastructure." The findings follow  prior research  from Minerva Labs that shed light on a similar modus operandi of leveraging fraudulent Telegram applications to distribute the backdoor. Other disguised software installers include WhatsApp, Adobe Flash Player, and Google Chrome. These packages act as a first-stage loader, triggering an infection sequence that leads to the deployment of a second-stage payload from a remote server and culminating in the
Cybersecurity Resources