#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Google Chrome | Breaking Cybersecurity News | The Hacker News

Google Chrome Silently Listening to Your Private Conversations

Google Chrome Silently Listening to Your Private Conversations

Jun 25, 2015
Google was under fire of downloading and installing a Chrome extension surreptitiously and subsequently listened to the conversations of Chromium users without consent. After these accusations, a wave of criticism by privacy campaigners and open source developers has led Google to remove the extension from Chromium , the open-source version of the Chrome browser. The extension in question is " Chrome Hotword ," which was found to be responsible for offering the browser's famous " OK, Google " functionality. ' Ok, Google ' is certainly a useful feature that allows users to search for things via their voice when they use Google as their default search engine, but its something that also enables eavesdropping of every single conversation made by a user. Google Silently Listens to your Conversation This issue came to light by Pirate Party founder Rick Falkvinge , who says Google has silently installed black box code into the open-so
I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here’s My Secret.

I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here's My Secret.

Jun 12, 2015
I don't know about your part, but I make heavy use of tabs. I currently have 200+ tabs open in my Google Chrome Web browser. And sometimes the number is even more. For me it's a daily thing, as I regularly open new tabs because of my habit of reading lots of stuff online, including cyber security updates, hacking news, knowledgeable articles of various categories, new recipes to cook something delicious and, of course, funny viral videos. Browsers — Everything for us, But Biggest Memory Eaters! I think you'll agree with me when I say: It's really hard to manage so many tabs on Chrome — and Firefox too. But worse still is the obstruction in the performance of your computer, as the tabs continue to run background processes and feed on your system's memory. It gets difficult to sort through them, everything slows down, and sometimes it crashes the browser itself. Doesn't it? But, I really don't face any issue while surfing on 200+ tabs at one time
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hacker Finds a Simple Way to Bypass Google Password Alert

Hacker Finds a Simple Way to Bypass Google Password Alert

May 02, 2015
Less than 24 hours after Google launched the new Phishing alert extension Password Alert , a security researcher was able to bypass the feature using deadly simple exploits. On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users' account. However, security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google's new Password Alert extension. Google shortly fixed the issue and released a new update to Password Alert extension that blocked the Moore's exploit. However, Moore discovered another way to block the new version of Password Alert, as well. The first proof of concept exploit by Moore relied on a JavaScript that looks for instances of warning screen every five mil
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Earn up to $15,000 for Hacking Microsoft Spartan Browser

Earn up to $15,000 for Hacking Microsoft Spartan Browser

Apr 23, 2015
If you're a bug hunter and love playing with codes than you could grab as much as US$15,000 from Microsoft for finding out vulnerabilities in its latest Project Spartan browser . Yes, $15,000! It seems like Redmond don't want to take a chance to let hackers and cyber criminals get their hands on the company's latest Windows 10 operating system. On Wednesday, Microsoft announced that the company will be expanding its bug bounty program ahead of the release of Windows 10, which will include a two-month hunt for vulnerabilities in its new web browser, Project Spartan. So, it's time for security researchers and hackers to earn extra cash from Microsoft. For those who are unaware… What's Project Spartan? Project Spartan is Microsoft's project for its new web browser to replace the oldest Internet Explorer from its Windows operating system. Though the project is still very much under the developmental stage, Microsoft is making every effort to make Spartan
How to Disable Mixed Content Security Warning in Google Chrome

How to Disable Mixed Content Security Warning in Google Chrome

Apr 20, 2015
If you are really upset with Chrome browsers warnings that your HTTPS enabled website contains unsecured third-party contents that sometimes force your users to close the tab, Google has solved this problem for you. With the release of the next version of Google's popular browser, Chrome 43 , it may be easier for developers and system administrators to ensure HTTPS websites are not compromised by insecure HTTP resources. Until now, the current browsers of Google flag a ' mixed-content warning ' in the form of a yellow triangle over the padlock if any HTTPS page loads any resource from an unencrypted HTTP URL. What's mixed content? And… ...Why should I worry about Mixed content if I am using HTTPS on my web pages? If, say, your website has HTTPS enabled but your website's pages are loading contents, such as images, retrieved through regular, clear text HTTP URLs, then it is believed that the connection is only partially encrypted. Partial
Google Launches Chrome 42 with Push Notifications

Google Launches Chrome 42 with Push Notifications

Apr 15, 2015
Google has finally rolled out the latest version of its popular web browser, i.e. Chrome 42 for Windows, Mac, and Linux users that now lets websites send you alerts, no matter your browser is open or not. The release of the latest Chrome 42 version is a great deal as it costs Google more than $21,000. Yes, $21,000! The latest version of Chrome comes with fixes for 45 security vulnerabilities in the web browser, reported by different security researchers [listed below]. Let's know about the Major updates : Major updates and significant improvements for Chrome version 42 includes: Advanced Push API and Notifications API Disabled Oracle's Java plugin by default as well as other extensions that use NPAPI Patched 45 security bugs and paid out more than $21,000 Push API : Google includes Push API in its web browser for the first time. Push API, when combined with the new notifications API, allows websites to push notifications to you through y
AwSnap! New Hack Can Crash Chrome Browsers of Mass Audience

AwSnap! New Hack Can Crash Chrome Browsers of Mass Audience

Apr 07, 2015
Few weeks back, we reported how a string of just 13 characters could cause your tab in Chrome to crash instantly . However, there was an exception that this special 13 characters string was only working on Mac OS X computers with no impact on Windows, Android, or iOS operating systems. Now, a recent hack against Chrome browser could crash your Chrome version 41 and above for Mac OS X, Windows and Chrome OS. At the time of writing, Chrome 41 seems to crash on long and/or malformed URLs. The details of this crash bug, dubbed as AwSnap , is described on Github . Warning: DO NOT CLICK on this LINK , which actually points to a Reddit thread that crashes Chrome browser because a Reddit user-submitted post containing the crash content. Just like a post, crashing a thread via a comment is also possible. Chrome crash occurs only when accessing the long and/or malformed URLs through a web server, which means using file:// will not crash your Chrome browser. Examples of
How To Run Android Apps in Chrome Browser with Google ARC

How To Run Android Apps in Chrome Browser with Google ARC

Apr 03, 2015
Last year at Google I/O developer event, Google launched a limited beta " App Runtime for Chrome " (ARC) project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems. App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it. Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush, Angry Birds, all from your Chrome web browser . ARC welder tool operates via some special runtime implemented using Native Client (NaCl) in-browser binary execution tech. Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU. Google ported complete Android s
Simplest Way to Check If Your Emails Are Being Tracked

Simplest Way to Check If Your Emails Are Being Tracked

Mar 23, 2015
You might be not aware of the companies that know pretty much everything related to your email activities like when you've opened email sent by one of their clients, where you are located, what device you're using, what link you click, all without your consent, even if you haven't click any link provided in that email. Companies like Yesware , Bananatag, and Streak track emails , usually by adding small pixels or images to those emails which inform the companies that when and where their emails have been opened by the recipients. If you find this something different then let you know that this sort of email tracking is very common practice adopted by many companies. However, in order to detect these tracking emails, now you have a simple but effective tool. UGLY EMAIL -- DETECT EMAIL TRACKERS Dubbed " Ugly Email ", a new Chrome extension warns you when an email you receive in your Gmail inbox have the ability to track you, and it even works before opening t
Chrome, Firefox, Safari and IE – All Browsers Hacked at Pwn2Own Competition

Chrome, Firefox, Safari and IE – All Browsers Hacked at Pwn2Own Competition

Mar 22, 2015
The Annual Pwn2Own Hacking Competition  2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year's hacking contest, the latest version of all the four major browsers including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, were compromised by the two security researchers. Sponsored by HP's Zero Day Initiative program, the Pwn2Own Hacking Competition ran two days at a security conference in Vancouver, Canada. The final highlights for Pwn2Own 2015 are quite impressive: 5 bugs in the Windows operating system 4 bugs in Internet Explorer 11 3 bugs in Mozilla Firefox 3 bugs in Adobe Reader 3 bugs in Adobe Flash 2 bugs in Apple Safari 1 bug in Google Chrome $557,500 USD bounty paid out to researchers The star of the show was South Korean secur
This String of 13 Characters Can Crash your Chrome on a Mac

This String of 13 Characters Can Crash your Chrome on a Mac

Mar 21, 2015
If you're currently on a Mac computer and using a Chrome browser then a weird little Apple's OS X quirk, just a special thirteen-characters string could cause your tab in Chrome to crash instantly. A string of 13 characters (appear to be in Assyrian ), shown below in an image, is all needed to crash any tab in Chrome for OS X, however, this text has no impact on Windows, Android, or iOS operating systems. This Chrome crash vulnerability has already been reported by an open-source project Chromium project, which means that Google is likely aware of this troublesome issue. What steps will reproduce the problem? Any page with [ that special character ] will crash the chrome tab on a Mac. Just create any dummy page with the unicode characters, and the Mac Chrome tab will crash hard. What is the expected result? Expect it not to crash What happens instead? It crashes Warning : Do not click on this link , which actually points to the bug report on the Chromiu
WhatsApp Web Client Now Available on Firefox and Opera Browsers

WhatsApp Web Client Now Available on Firefox and Opera Browsers

Feb 26, 2015
It's been a long time coming, but now the users of Firefox and Opera browsers don't need to rely on the Chrome browser to access WhatsApp Web client, as the most popular smartphone messaging service has announced that the Web-based version of its service now works on Firefox and Opera web browsers   too. WHATSAPP WEB AVAILABLE FOR OPERA & FIREFOX Almost a month ago, WhatsApp launched the web client of its service but the access was limited only to the Google Chrome users. Now, the company is giving more choices to desktop users by launching WhatsApp Web Today for Opera and Firefox browsers , though you'll still have to wait a little long if you're a Safari user. WhatsApp Web is nothing than an extension of the core mobile WhatsApp application. It syncs conversations from your smartphone devices to your PCs, with everything stored on the mobile device itself. HOW TO USE WHATSAPP ON PC/DESKTOP In order to install WhatsApp web in your PC or laptop running
Google Releases Chrome Extension for End-To-End Email Encryption

Google Releases Chrome Extension for End-To-End Email Encryption

Dec 18, 2014
Back in june this year, Google announced an alpha Google Chrome extension called " End-to-End " for sending and receiving emails securely, in wake of former NSA contractor Edward Snowden's revelations about the global surveillance conducted by the government law-enforcements. Finally, the company has announced that it made the source code for its End-to-End Chrome extension open source via GitHub . Google is developing a user-friendly tool for individuals to implement the tough encryption standard known as Pretty Good Privacy (PGP) in an attempt to fully encrypt people's Gmail messages that can't even be read by Google itself, nor anyone else other than the users exchanging the emails. PGP is an open source end-to-end encryption standard for almost 20 years, used to encrypt e-mail over the Internet providing cryptographic privacy and authentication for data communication, which makes it very difficult to break. But implementing PGP is too complicated for m
How To Run Almost Any Android App On Windows, OS X, Linux with Chrome

How To Run Almost Any Android App On Windows, OS X, Linux with Chrome

Sep 22, 2014
From last week, Google began paving the way to run Android apps on Chrome Operating System through the project named " App Runtime for Chrome ", but the release came with a lot of limitations – it only supported certain Android apps and on Chrome OS only. At the launch, initially only 4 Android apps – Vine, Evernote, Duolingo and Sight Words – were added to the Chrome Web Store. That was pretty exciting, but it merely whet the appetite of users hungry for more functionality. So, what if you could run more than just 4 Android apps on Chrome OS? And Also could run them on other operating systems as well? A developer by the name of " Vlad Filippov " began working on it to stripped away the limits Google has imposed. He successfully figured out a way to bring more Android apps to Chrome , instead of just the four that are officially supported by Google. The bigger success was that when Filippov got Android apps to work on any desktop Operating System tha
Malware Can Bypass Chrome Extension Security Feature Easily

Malware Can Bypass Chrome Extension Security Feature Easily

Sep 06, 2014
Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome impersonating to deliver Adobe's Flash Player in order to lure victims in a click fraud campaign. Security experts at TrendMicro believe that the malware is triggered by opening Facebook or Twitter via shortened links provided in any social networking websites. Once clicked, the links may lead victims to a site that automatically downloads the malicious browser extension . MALWARE INVOLVES DOWNLOADING MULTIPLE MALICIOUS FILES The process is quite complicated as the malware drops a downloader file which downloads multiple malicious files on the victim's computer. Moreover, the malicious program also has ability to bypass Google's recent security protection added to Chrome against installation of browser extensions that are not in Chrome Web Store. Researchers came across a baiting tweet that advertises " Facebook Secrets ", claiming to show videos
Google Chrome 64-bit Browser Finally Released As a Stable Version

Google Chrome 64-bit Browser Finally Released As a Stable Version

Aug 27, 2014
Along with the release of Chrome 37 for Windows, Mac, and Linux , Google today also released a long-awaited 64-bit stable version of its Chrome browser for Windows systems. The company has been working on the 64-bit support for Windows 7 and Windows 8 since June. Back in June, Google first released Chrome 64-bit only in the browser's Dev and Canary channels. Then in July, the beta channel received the same update, and now, finally Chrome 64-bit is available in the stable channel. The new 64-bit version of Chrome offers three main advantages: Speed Security Stability Therefore, for those of you on a compatible 64-bit system, this new version will offer faster performance as well as security and stability enhancements in comparison to 32-bit version. But, Chrome 64-bit is still an opt-in process. So, if you want to take advantage of it, you can hit the new "Windows 64-bit" download link over at google.com/chrome . SPEED ENHANCEMENT Google claims that certain
miniLock - Open Source File Encryption Tool from CryptoCat Developer

miniLock - Open Source File Encryption Tool from CryptoCat Developer

Jul 06, 2014
It's the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy. To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported . The encryption program is dubbed as miniLock , which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection. " The tagline is that this is file encryption that does more with less, " says Kobeissi, activist and security consultant. " It's super simple, approachable, and it's almost impossible to be confused using it. " Drag-and-drop interface here means, miniL
Hiding URLs in Google Chrome Could Be A Good Decision?

Hiding URLs in Google Chrome Could Be A Good Decision?

May 05, 2014
The collection of slashes and hyphens in URLs of websites make it look complicated and messy, now the new experimental version of the Google Chrome browser bury the whole URL into the top-level domain name. Google's new experiment to the recent update to Chrome 's publicly available Canary browser indicates that in the coming weeks Google may eventually hide the full URLs of the websites and will show only the website name and domain even if you are navigating within the website, something familiar with the mobile version of Safari. Chrome Canary is an early build and a leading-edge of the next version of Google's web browser and a couple of days ago, Google pushed an update to both of its Chrome Canary and beta builds that hide long URLs of a website from the address bar. OMNIBOX - NEW ADDRESS BAR The field that is mostly known as address bar is now better known as "omnibox", a single bar at the top of the screen that gives you ability to type terms you want to
Cybersecurity Resources