Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixed 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome, which hackers are already actively using. The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team… Continue reading Google Chrome fixed second 0-day vulnerability in two weeks
Tag: Google Chrome
Google engineers fixed Chrome 0-day vulnerability that was already under attacks
Google engineers have released an updated version of Google Chrome (86.0.4240.111) and warn that they have fixed in browser 0-day vulnerability that has been already under active attacks. The error was discovered internally by Google Project Zero. It is identified as CVE-2020-15999 and is associated with the FreeType font rendering library included with standard Chrome… Continue reading Google engineers fixed Chrome 0-day vulnerability that was already under attacks
295 Chrome extensions injected ads in search results
AdGuard analysts have identified 295 malicious extensions in the Chrome Web Store that have been installed over 80,000,000 times. These Chrome browser extensions injected ads into Google and Bing search results. Most of the dangerous extensions masked themselves as ad blockers and were easily found by queries such as adblock, adguard, ublock, ad blocker, and… Continue reading 295 Chrome extensions injected ads in search results
Experts discovered Chrome largest spyware installation campaign
Specialists from the company Awake Security reported about currently perhaps the largest spyware campaign for installing spyware in Google Chrome. As part of the campaign, criminals registered thousands of domains and used extensions in Chrome to install malware on victims’ devices. Users installed spyware through 32,962,951 downloads of various malicious extensions. “The Awake Security Threat… Continue reading Experts discovered Chrome largest spyware installation campaign
Mandrake malware was hiding on Google Play for more than four years
Bitdefender experts found Mandrake spyware in the official Android app store, hiding on Google Play for four years (since 2016). The malware established full control over infected devices, collected credentials, GPS from infected devices, made screen recordings, and so on. At the same time, the malware carefully avoided infections in countries such as Ukraine, Belarus,… Continue reading Mandrake malware was hiding on Google Play for more than four years
Due to the pandemic Google developers re-enabled FTP support for Chrome
Most recently, I wrote that Firefox developers plan to remove from their browser support for the FTP protocol, as consider it to be unsafe. At the same time, Google re-enabled FTP support for Chrome. Google developers have been talking about abandoning FTP since 2014, since very few browser users (0.1-0.2%) use the protocol. In 2018,… Continue reading Due to the pandemic Google developers re-enabled FTP support for Chrome
Shitcoin Wallet for Google Chrome steals cryptocurrency passwords and keys
One of the extensions for Google Chrome, Shitcoin Wallet injects a special JavaScript code into web pages. Using this code, attackers steal passwords and private keys from cryptocurrency wallets and services. The first problematic addon appeared on December 9th. The extension received the identifier ckkgmccefffnbbalkmbbgebbojjogffn. Shitcoin Wallet developers claim that the extension allows users to… Continue reading Shitcoin Wallet for Google Chrome steals cryptocurrency passwords and keys