Tag: browser
-
Google fixed the first actively exploited Chrome zero-day since the start of the year
by
in SecurityNewsGoogle fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked asCVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle…
-
Dringend patchen: Gefährliche Zero-Day-Lücke in Chrome für Spionage ausgenutzt
by
in SecurityNewsAngreifer können aus der Chrome-Sandbox ausbrechen und Code auf dem Windows-System des Nutzers ausführen. Es reicht der Besuch einer bösartigen Webseite. First seen on golem.de Jump to article: www.golem.de/news/dringend-patchen-gefaehrliche-zero-day-luecke-in-chrome-fuer-spionage-ausgenutzt-2503-194682.html
-
Google fixes Chrome zero-day exploited in espionage campaign
by
in SecurityNewsGoogle has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Google Chrome Zero-Day Vulnerability Actively Exploited in the Wild
by
in SecurityNewsGoogle has released an urgent update for its Chrome browser to patch a zero-day vulnerability known as CVE-2025-2783. This vulnerability has been actively exploited in targeted attacks, utilizing sophisticated malware to bypass Chrome’s sandbox protections. The update, version 134.0.6998.177 for Windows, addresses this critical issue and is set to roll out over the coming days.…
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
by
in SecurityNewsGoogle has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
by
in SecurityNewsKaspersky Labs has uncovered a sophisticated cyber-espionage campaign”, dubbed Operation ForumTroll”, leveraging a previously unknown Google Chrome zero-day exploit, now First seen on securityonline.info Jump to article: securityonline.info/cve-2025-2783-chrome-zero-day-exploited-in-state-sponsored-espionage-campaign/
-
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
by
in SecurityNews
Tags: attack, browser, chrome, cve, exploit, google, kaspersky, remote-code-execution, vulnerability, zero-dayThe vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
-
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
by
in SecurityNewsRilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log passwords, and collect credentials for cryptocurrency wallets. It often disguises itself as a Google Drive…
-
Advanced Malware Targets Cryptocurrency Wallets
by
in SecurityNewsMore attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers. The malware targets many widely used cryptocurrency wallet browser extensions: 1. Bitget Wallet (Formerly BitKeep) 2. Trust Wallet 3. TronLink…
-
New phishing campaign uses scareware to steal Apple credentials
by
in SecurityNewsThe campaign previously targeted Windows users: According to LayerX researchers, the campaign has been seen targeting Mac users only in the last few months. Initially, it targeted Windows users by masquerading as Microsoft security alerts.Designed to steal user credentials, threat actors have apparently shifted focus to Mac users owing to new security features being rolled…
-
Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code
by
in SecurityNewsGoogle has recently rolled out a critical security update for its Chrome browser, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code. This update is part of a broader effort to ensure user safety in an increasingly threat-ridden digital landscape. The latest version, 134.0.6998.117/.118, is being rolled out across Windows, Mac, and Linux…
-
Popular AI tools tricked to create malware for Chrome browser
First seen on scworld.com Jump to article: www.scworld.com/news/popular-ai-tools-tricked-to-create-malware-for-chrome-browser
-
In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw. The post In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-critical-chrome-bug-capital-one-hacker-resententencing-story-of-expat-flaw/
-
Google warnt: Kritische Sicherheitslücke in Chrome gefährdet Nutzer
by
in SecurityNewsViele Details nennt Google zu der Chrome-Lücke nicht, eine Schadcodeausführung ist aber nicht auszuschließen. Angriffe gelingen aus der Ferne. First seen on golem.de Jump to article: www.golem.de/news/google-warnt-kritische-sicherheitsluecke-in-chrome-gefaehrdet-nutzer-2503-194497.html
-
How to detect Headless Chrome bots instrumented with Playwright?
by
in SecurityNewsHeadless Chrome bots powered by Playwright have become a go-to tool for bot developers due to their flexibility and efficiency. Playwright’s cross-browser capabilities, coupled with an API similar to Puppeteer and the lightweight nature of Headless Chrome, make it a powerful choice for tasks like web scraping, credential First seen on securityboulevard.com Jump to article:…
-
Microsoft identifies new RAT targeting cryptocurrency wallets and more
A previously unreported remote access trojan that Microsoft researchers dubbed StilachiRAT is designed to steal a wide range of data, including information about cryptocurrency wallet extensions for Google’s Chrome browser. First seen on therecord.media Jump to article: therecord.media/stilachirat-new-remote-access-trojan-crypto-wallets
-
Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers
A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-researcher-llm/
-
StilachiRAT Exploits Chrome for Crypto Wallets and Credentials
by
in SecurityNewsStilachiRAT: Sophisticated malware targets crypto wallets credentials. Undetected, it maps systems steals data. Microsoft advises strong security measures. First seen on hackread.com Jump to article: hackread.com/stilachirat-exploits-chrome-crypto-wallets-credentials/
-
Firefox vor Version 128: Root-Zertifikat läuft am 14. März 2025 ab
by
in SecurityNews
Tags: browserKurze Informationen für Leute, die noch einen Firefox als Browser in Altversionen vor Version 128 (bzw. vor der ESR-Version 115.13) betreiben. Da läuft das Root-Zertifikat am 14. März 2025 ab. Sprich: Der Browser kann nicht mehr auf https-Seiten zugreifen. Die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/13/firefox-vor-version-128-root-zertifikat-laeuft-am-14-maerz-2025-ab/
-
Mozilla Issues Urgent Firefox Update Warning to Prevent Add-on Failures
by
in SecurityNewsMozilla has issued an urgent warning to all Firefox users, emphasizing the need to update their browsers before a critical root certificate expires on March 14, 2025. This certificate is used to verify signed content and add-ons across various Mozilla projects, including Firefox. Failure to update to version 128 or higher (or ESR version 115.13+…
-
How to detect Headless Chrome bots instrumented with Puppeteer?
by
in SecurityNewsHeadless Chrome bots powered by Puppeteer are a popular choice among bot developers. The Puppeteer API’s ease of use, combined with the lightweight nature of Headless Chrome, makes it a preferred tool over its full-browser counterpart. It is commonly used for web scraping, credential stuffing attacks, and the First seen on securityboulevard.com Jump to article:…
-
WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
by
in SecurityNewsBrowser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate.”On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire,” Mozilla said.”Without updating…
-
Get off that old Firefox by Friday or you’ll be sorry, says Moz
by
in SecurityNews
Tags: browserRoot cert expiry may bring breakage or worse for add-ons, media playback, and more First seen on theregister.com Jump to article: www.theregister.com/2025/03/13/mozilla_certificate_update/
-
Mozilla warns users to update Firefox before certificate expires
by
in SecurityNewsMozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company’s root certificates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/mozilla-warns-users-to-update-firefox-before-certificate-expires/
-
Latest Chrome Update Addresses Multiple High-Risk Security Issues
Google has released a critical update for its Chrome browser, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for Windows and Mac on the Extended Stable channel. This update includes several high-priority security fixes to safeguard users against potential threats. The rollout will occur over the coming days and…
-
Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes
In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox’s privacy policy and what it means for user data. **……
-
How to Install Librewolf
by
in SecurityNewsWhen configured properly, Mozilla Firefox offers great privacy and security. However, achieving a higher level of privacy and security in Mozilla Firefox requires many tweaks across all levels. Some users may not be too comfortable with this and may prefer an out-of-the-box solution that isn’t Chromium dependent. Enter Librewolf – which aims to be user…
-
Cloudflare’s bot bouncer blocks weirdo browsers
by
in SecurityNewsNot on Firefox or a Chrome derivative? You shall not pass First seen on theregister.com Jump to article: www.theregister.com/2025/03/04/cloudflare_blocking_niche_browsers/
-
Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities
by
in SecurityNewsChrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chrome-134-firefox-136-patch-high-severity-vulnerabilities/
-
Chrome 134 Launches with Patches for 14 Crash-Inducing Vulnerabilities
by
in SecurityNewsGoogle has rolled out Chrome 134 to the stable channel for Windows, macOS, and Linux, addressing14 security vulnerabilities”, including high-severity flaws that could enable remote code execution or crashes. The update, version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for macOS, follows weeks of testing and includes critical fixes for vulnerabilities in components like…