Search results for google chrome canary | Breaking Cybersecurity News | The Hacker News

The collection of slashes and hyphens in URLs of websites make it look complicated and messy, now the new experimental version of the Google Chrome browser bury the whole URL into the top-level domain name. Google's new experiment to the recent update to Chrome 's publicly available Canary browser indicates that in the coming weeks Google may eventually hide the full URLs of the websites and will show only the website name and domain even if you are navigating within the website, something familiar with the mobile version of Safari. Chrome Canary is an early build and a leading-edge of the next version of Google's web browser and a couple of days ago, Google pushed an update to both of its Chrome Canary and beta builds that hide long URLs of a website from the address bar. OMNIBOX - NEW ADDRESS BAR The field that is mostly known as address bar is now better known as "omnibox", a single bar at the top of the screen that gives you ability to type terms you want to ...

To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly. However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it's really annoying. But don't you worry. Google now has a solution to this issue. In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps: April 2018 — With the release of Chrome 66, Google will begin informing use...

Along with the release of Chrome 37 for Windows, Mac, and Linux , Google today also released a long-awaited 64-bit stable version of its Chrome browser for Windows systems. The company has been working on the 64-bit support for Windows 7 and Windows 8 since June. Back in June, Google first released Chrome 64-bit only in the browser's Dev and Canary channels. Then in July, the beta channel received the same update, and now, finally Chrome 64-bit is available in the stable channel. The new 64-bit version of Chrome offers three main advantages: Speed Security Stability Therefore, for those of you on a compatible 64-bit system, this new version will offer faster performance as well as security and stability enhancements in comparison to 32-bit version. But, Chrome 64-bit is still an opt-in process. So, if you want to take advantage of it, you can hit the new "Windows 64-bit" download link over at google.com/chrome . SPEED ENHANCEMENT Google claims that certain ...

Today Malware is a very real threat, and if you're not careful about what you download and install, you could end up with a serious problem. But now Google will be trying their very best to block malware from installing itself on your computer on your behalf. Google has developed a security feature for Chrome that lets the browser detect and stop malware downloads. The feature has been added to Chrome Canary, the latest version of the browser which is available to download in beta form now. All you'll see is a notification like the one below, which you can then dismiss: " These malicious programs disguise themselves so you won't know they're there and they may change your homepage or inject ads into the sites you browse. Worse, they block your ability to change your settings back and make themselves hard to uninstall, keeping you trapped in an undesired state. " wrote Linus Upson, a Google vice president, in a blog post . Google is implementing...

Google is trying every effort to make the World Wide Web faster for Internet users. The company has announced plans to propose its homemade networking protocol, called Quick UDP Internet Connections (QUIC) , to the Internet Engineering Task Force (IETF) in order to make it the next-generation Internet standard. Probably the term QUIC is new for you, but if you use Google's Chrome browser then there are chances that you have used this network protocol already. What is QUIC? QUIC is a low-latency transport protocol for the modern Internet over UDP, an Internet protocol that is often used for streaming media, gaming and VoIP services. The search engine giant first unveiled the experimental protocol QUIC and added it to Chrome Canary update in June 2013. The protocol already included a variety of new features, but the key feature is that QUIC runs a stream multiplexing protocol on top of UDP instead of TCP. The Idea behind QUIC: QUIC was developed to s...

Microsoft today finally released the first new reborn version of its Edge browser that the company rebuilds from scratch using Chromium engine, the same open-source web rendering engine that powers Google's Chrome browser. However, the Chromium-based Edge browser builds haven't yet entered the stable or even the beta release; instead, Microsoft has released two testing-purpose preview builds for developers. Both previews build— "Canary"  that will be updated daily, and "Developer"  that will be updated every week—are now available for download from the Microsoft's new Edge insider website . Here's how Microsoft differentiates Canary and Developer builds: "Every night, we produce a build of Microsoft Edge — if it passes automated testing, we'll release it to the Canary channel. We use this same channel internally to validate bug fixes and test brand new features. The Canary channel is truly the bleeding edge, so you may discover bugs...

Google is planning to make Chrome faster in order to provide its users fast Internet browsing experience. Thanks to a new, open-source data and web compression algorithm for the Internet called Brotli , which Google announced last year to boost its web page performance. With Brotli, Google will speed up Chrome and users could get a significant performance boost in coming months. Google introduced Brotli last September and claimed that the new algorithm is a "whole new data format" that could reduce file sizes by up to 26 percent higher than Zopfli , the company's three-year-old web compression technology. Net result – Fast Internet Browsing In a post on Google+ on Tuesday, web performance engineer at Google Ilya Grigorik announced that the new algorithm is coming to Chrome soon, which will change the way files are compressed, improving loading speeds by a quarter. Besides faster loading speeds, Brotli also have additional benefits for smartphone users, which ...

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called  CryptBot  and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau  said  the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was  first discovered  in the wild in December 2019. The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as...

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right? Okay, then before going to the in-depth details, first have a look at this demo web page  ( note: you may experience downtime due to high traffic on demo server ), set up by Chinese security researcher Xudong Zheng, who discovered the attack. " It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL o...

Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to this malware family's previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files." XCSSET is a sophisticated modular macOS malware that's known to target users by infecting Apple Xcode projects. It was first documented by Trend Micro in August 2020. Subsequent iterations of the malware have been found to adapt to compromise newer versions of macOS as well as Apple's own M1 chipsets. In mid-2021, the cybersecurity company noted that XCSSET had been updated to exfiltrate d...

A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader , the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary  said  in a new report. ChromeLoader is a rogue Chrome browser extension and is typically distributed in the form of ISO files via pay-per-install sites and baited social media posts that advertise QR codes to cracked video games and pirated movies. While it primarily functions by hijacking user search queries to Google, Yahoo, and Bing and redirecting traffic to an advertising site, it's also notable for its use of PowerShell to inject itself into the browser and get the extension added. The malware, also known as Choziosi Loader, was first documented by G DATA earlier this February. "For now the only purpose is getting revenue via unsolicited adverti...

The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow's breach. This week's recap explores the trends driving that constant churn: how threat actors reuse proven tactics in unexpected ways, how emerging technologies widen the attack surface, and what defenders can learn before the next pivot. Read on to see not just what happened, but what it means—so you can stay ahead instead of scrambling to catch up. ⚡ Threat of the Week Google Patches Actively Exploited Chrome 0-Day — Google released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability, CVE-2025-10585, has been described as a type confusion issue in the V8 JavaScript ...

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI risks, and attacks on developers are growing. Here's what mattered most in security this week. ⚡ Threat of the Week Fortinet Warns of Another Silently Patched and Actively Exploited FortiWeb Flaw — Fortinet has warned that a new security flaw in FortiWeb has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. It has been addressed in version 8.0.2. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an a...

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot . Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking session...

Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit (GPU) as a means to persistently track users across the web. Dubbed  DrawnApart , the method "identifies a device from the unique properties of its GPU stack," researchers from Australia, France, and Israel said in a new paper, adding "variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript." A device fingerprint or machine fingerprint is information that is collected about the hardware, installed software, as well as the web browser and its associated add-ons from a remote computing device for the purpose of unique identification. Fingerprints can be a double-edged sword. On the one hand, a fingerprint algorithm may allow a service provider (e.g., bank) to detect and prevent identity theft and credit card fraud. But ...

Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don't seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It's worth asking: what patterns are we missing, and what signals are we ignoring because they don't match old playbooks? This week's reports bring those quiet signals into focus—from attacks that bypassed MFA using trusted tools, to supply chain compromises hiding behind everyday interfaces. Here's what stood out across the cybersecurity landscape: ⚡ Threat of the Week Cloudflare Blocks Massive 7.3 Tbps DDoS Attack — Cloudflare said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, the company said, targeted an unnamed hosting provider and delivered 37.4 terabytes in 45 seconds. It origi...

Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week's edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons. From major software bugs to AI abuse and new phishing tricks, each story shows how fast the threat landscape is shifting and why security needs to move just as quickly. ⚡ Threat of the Week Dozens of Orgs Impacted by Exploitation of Oracle EBS Flaw — Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, according to Google Threat Intelligence Group (GTIG) and Mandiant. The activity, which bears some hallmarks associated with the Cl0p ransomware crew, is assessed to have fashio...