Search results for latest chrome version | Breaking Cybersecurity News | The Hacker News

Google has finally rolled out the latest version of its popular web browser, i.e. Chrome 42 for Windows, Mac, and Linux users that now lets websites send you alerts, no matter your browser is open or not. The release of the latest Chrome 42 version is a great deal as it costs Google more than $21,000. Yes, $21,000! The latest version of Chrome comes with fixes for 45 security vulnerabilities in the web browser, reported by different security researchers [listed below]. Let's know about the Major updates : Major updates and significant improvements for Chrome version 42 includes: Advanced Push API and Notifications API Disabled Oracle's Java plugin by default as well as other extensions that use NPAPI Patched 45 security bugs and paid out more than $21,000 Push API : Google includes Push API in its web browser for the first time. Push API, when combined with the new notifications API, allows websites to push notifications to you through y...

Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly. Yes, you can crash the latest version of Chrome browser with just a simple tiny URL. To do this, all you need to do is follow one of these tricks: Type a 16-character link and hit enter Click on a 16-character link Just put your cursor on a 16-character link Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome. All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser. The issue was discovered by security researcher Andris Atteka , who explained in his blog post that just by adding a NULL char in the URL string could crash Chrome instantly. Atteka was able to crash the browser with a 26 character long string, which is given b...

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers. Tracked as CVE-2020-15999 , the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome. The vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19 and is subject to a seven-day public disclosure deadline due to the flaw being under active exploitation. Glazunov also immediately reported the zero-day vulnerability to FreeType developers, who then ...

Google Chrome browser's new Anti-Phishing Password Alert extension is in controversies right after its launch last Wednesday, but now the search engine giant has effectively pulled off Password Alert from its store. Password Alert was not bypassed once, twice, but every time Google introduced a new updated version of the extension. Google developed this Password Alert Chrome extension in an effort to alert Internet users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users’ account. Here’s the worst part: However, the first version of Password Alert was bypassed in less than 24 hours of its launch.  Security expert Paul Moore from UK-based Urity Group quickly circumvented the Anti-Phishing technology by pure JavaScript code of seven lines. Since then Google released Password Alert version 1.4, version 1.5 and version 1.6, but… ...all of them were bypassed, keeping users unaw...

Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers. Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome's audio component ( CVE-2019-13720 ) while the other resides in the PDFium ( CVE-2019-13721 ) library. The use-after-free vulnerability is a class of memory corruption issues that allows corruption or modification of data in the memory, enabling an unprivileged user to escalate privileges on an affected system or software. Thus, both flaws could enable remote attackers...

If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules since Chrome 73. Tracked as CVE-2020-6519 (rated 6.5 on the CVSS scale), the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites. According to PerimeterX, some of the most popular websites, including Facebook, Wells Fargo, Zoom, Gmail, WhatsApp, Investopedia, ESPN, Roblox, Indeed, TikTok, Instagram, Blogger, and Quora, were susceptible to the CSP bypass. Interestingly, it appears that the same flaw was also highlighted by Tencent Security Xuanwu Lab more than a year ago, just a month after the release of Chrome 73 in March 2019, but...

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The flaw, which  was identified  in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company  Numen Cyber Technology  and has since been quietly fixed by the company. "This vulnerability occurs in the instruction selection stage, where the wrong instruction has been selected and resulting in memory access exception," Wang said . Use-after-free flaws  occur  when previous-freed memory is accessed, inducing undefined behavior and causing a program to crash, use corrupted data, or even achieve e...

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities , all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild. The brief description of the Chrome bugs, which impose a significant risk to your systems if left unpatched, are as follows: Integer overflow in ICU — Reported by André Bargull on 2020-01-22 Out of bounds memory access in streams (CVE-2020-6407) — Reported by Sergei Glazunov of Google Project Zero on 2020-01-27 Type confusion in V8 (CVE-2020-6418) — Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18 The Integer Overflow vulnerability was disclosed by André Bargull privately to Google last month, earning him $5,000 in rewards, while the other two...

Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player. The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday. Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them. Critical Vulnerabilities These 18 security vulnerabilities, all deemed highly critical, are as follows: Type Confusion Vulnerability (CVE-2015-5573) Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682) Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678) Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2...

Rejoice Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory eater browsers in the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with it because it uses too much memory and power. Google has now solved these problems. The most recent release of Chrome ( Chrome 45 ) is intended to make your browsing experience faster and more efficient. Google launched Chrome 45 for Windows, Mac, Linux, and Android two days ago, but the company announced in an official blog post Friday that the new version includes several new updates that focus on making the browser load faster and use less memory. Also Read:  I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here's My Secret Chrome 45 Uses 10% Less RAM A major issue reported by Chrome users was the browser's consumption of PC mem...

Tuesday, Google announced a few changes to Chrome, its engineered-for-speed web browser. The super-fast beta version that was announced a few weeks ago has already been updated to a stable version. For the Googlers working on Chrome, speed entails not only faster code (the latest version of Chrome boasts a 66% improvement in JavaScript performance) but also easier-to-navigate interfaces. With that in mind, the company is rolling out a new Settings interface for all Chrome users. One major change is that Settings are now presented in a Chrome tab rather than a dialog box — a change that will seem familiar to those using Google’s Cr-48 notebooks, which run Chrome OS and present absolutely everything in a browser tab. Settings are also searchable, which many users will likely find extremely helpful. Here’s a brief demo video showing Chrome’s new Settings pages in action: Google has also extended its sandboxing features to Chrome’s Flash player. Interested parties can download...

Yet Another Google Chrome Sandbox Critical Exploit by Turkish security experts Turkish security experts from Arf Iskenderun Technologies, finds the new vulnerability open in Google Chrome 17.0.963.78 , same risk working on new update 17.0.963.79 and bypass Chrome SandBox. Last week,  Vupen Security reports that it has officially "pwned" Google Chrome's sandbox. Vupen hacked Chrome 17.0.963.66 update. But, Turkish security experts claim that they hacked Chrome Sandbox after Vupen and This vulnerability is critical for Chrome.  A sandbox is security mechanism used to run an application in a restricted environment. If an attacker is able to exploit the browser in a way that lets him run arbitrary code on the machine, the sandbox would help prevent this code from causing damage to the system. The sandbox would also help prevent this exploit from modifying and even reading your files or any information on the system. Maiden says th...

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to update to version 2.69 as soon as possible. "We've confirmed that approximately $7 million has been impacted and we will ensure all affected users are refunded," Trust Wallet said in a post on X. "Supporting affected users is our top priority, and we are actively finalizing the process to refund the impacted users." Trust Wallet is also urging users to refrain from interacting with any messages that do not come from its official channels. Mobile-only users and all other browser extension versions are not affected. According to details shared by SlowMist...

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (CVE-2021-21220), which was demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at the  Pwn2Own 2021  hacking contest last week. While Google moved to fix the flaw quickly, security researcher Rajvardhan Agarwal published a  working exploit  over the weekend by reverse-engineering the patch that the Chromium team pushed to the open-source component, a factor that may have played a crucial role in the release. UPDATE:   Agarwal, in an email to The Hacker News, confirmed that there's one more vulnerability affecting Chromium-based browsers that has been patched in...

Less than 24 hours after Google launched the new Phishing alert extension Password Alert , a security researcher was able to bypass the feature using deadly simple exploits. On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users’ account. However, security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google’s new Password Alert extension. Google shortly fixed the issue and released a new update to Password Alert extension that blocked the Moore’s exploit. However, Moore discovered another way to block the new version of Password Alert, as well. The first proof of concept exploit by Moore relied on a JavaScript that looks for instances of warning screen every five mil...

Adobe is recommending that users update their Flash Players immediately. The company has published an emergency security bulletin today, that addresses vulnerabilities the Flash Player and released a patch to fix a vulnerability which is currently being exploited in a sophisticated cyber espionage campaign. " Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin. " The vulnerability ( CVE-2014-0497 ), allows an attacker to remotely take control of the targeted system hosting Flash. " These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system " advisory said. The security hole affects the version 12.0.0.43 and earlier for both Windows and Mac OSs and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. The vulnerability was discovered by two researchers...

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis , hackers have been hijacking DNS settings on vulnerable and poorly secured routers . DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more. Hijacking routers' DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher —both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers. Discovered by security researchers at Kaspersk...