Sep 17, 2024Ravie LakshmananBrowser Security / Quantum Computing Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, … [Read more...] about Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
chrome
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
Aug 31, 2024Ravie LakshmananRootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of … [Read more...] about North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
Aug 10, 2024Ravie LakshmananBrowser Security / Online Fraud An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more … [Read more...] about New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
Google to Block Entrust Certificates in Chrome Starting November 2024
Jun 29, 2024NewsroomCybersecurity / Website Security Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed … [Read more...] about Google to Block Entrust Certificates in Chrome Starting November 2024
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
Jun 28, 2024NewsroomCyber Espionage / Cyber Attack The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension … [Read more...] about Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
Google Chrome Adds V8 Sandbox
Apr 08, 2024NewsroomSoftware Security / Cybersecurity Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 … [Read more...] about Google Chrome Adds V8 Sandbox
Google Adds Quantum-Resistant Encryption in Chrome 116
Aug 11, 2023THNEncryption / Browser Security Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published … [Read more...] about Google Adds Quantum-Resistant Encryption in Chrome 116
Dozens of malicious extensions for Google Chrome
Not so long ago, a few dozen malicious plugins were discovered in the Chrome Web Store (the official browser extension store for Google Chrome). The most popular of these extensions had over nine million downloads, and altogether these plugins had been downloaded around 87 million times. We explain what these extensions are and why they’re dangerous. Malicious extensions in the … [Read more...] about Dozens of malicious extensions for Google Chrome
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability
Jun 06, 2023Ravie LakshmananBrowser Security / Vulnerability Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis … [Read more...] about Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability
Update Google Chrome (and other Chromium-based browsers)
Another day – another browser vulnerability discovered! Indeed, the number of dangerous security holes has doubled within a week! Only recently we highlighted the urgent need to update iOS and macOS due to a major bug in Apple WebKit (the engine inside Safari and other browsers in iOS). And now, due to a similar threat in terms of exploitability, you need to update other … [Read more...] about Update Google Chrome (and other Chromium-based browsers)