Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Chrome security. Show all posts
Privacy Concerns
Chrome Users Security Data Privacy data security Google Chrome Google Chrome security Google Updates Privacy Privacy Concerns

Google Expands Chrome Autofill to IDs as Privacy Concerns Surface

 

Google is upgrading Chrome with a new autofill enhancement designed to make online forms far less time-consuming. The company announced that the update will allow Chrome to assist with more than just basic entries like passwords or addresses, positioning the browser as a smarter, more intuitive tool for everyday tasks. According to Google, the feature is part of a broader effort to streamline browsing while maintaining privacy and security protections for users. 

The enhancement expands autofill to include official identification details such as passports, driver’s licenses, license plate numbers, and even vehicle identification numbers. Chrome will also improve its ability to interpret inconsistent or poorly structured web forms, reducing the need for users to repeatedly correct mismatched fields. Google says the feature will remain off until users enable it manually, and any data stored through the tool is encrypted, saved only with explicit consent, and always requires confirmation before autofill is applied. The update is rolling out worldwide across all languages, with additional supported data categories planned for future releases. 

While the convenience factor is clear, the expansion raises new questions about how much personal information users should entrust to their browser. As Chrome takes on more sensitive data, the line between ease and exposure becomes harder to define. Google stresses that security safeguards are built into every layer of the feature, but recent incidents underscore how vulnerable personal data can still be once it moves beyond a user’s direct control.  

A recent leak involving millions of Gmail-linked credentials illustrates this risk. Although the breach did not involve Chrome’s autofill system, it highlights how stolen data circulates once harvested and how credential reuse across platforms can amplify damage. Cybersecurity researchers, including Michael Tigges and Troy Hunt, have repeatedly warned that information extracted from malware-infected devices or reused across services often reappears in massive data dumps long after users assume it has disappeared. Their observations underline that even well-designed security features cannot fully protect data that is exposed elsewhere. 

Chrome’s upgrade arrives as Google continues to release new features across its ecosystem. Over the past several weeks, the company has tested an ultra-minimal power-saving mode in Google Maps to support users during low-battery emergencies, introduced Gemini as a home assistant in the United States, and enhanced productivity tools across Workspace—from AI-generated presentations in Canvas to integrated meeting-scheduling within Gmail. Individually, these updates appear incremental, but together they reflect a coordinated expansion. Google is tightening the links between its products, creating systems that anticipate user needs and integrate seamlessly across devices. 

This acceleration is occurring alongside major investments from other tech giants. Microsoft, for example, is expanding its footprint abroad through a wide-reaching strategy centered on the UAE. As these companies push deeper into automation and cross-platform integration, the competition increasingly revolves around who can deliver the smoothest, smartest digital experience without compromising user trust. 

For now, Chrome’s improved autofill promises meaningful convenience, but its success will depend on whether users feel comfortable storing their most sensitive details within the browser—particularly in an era where data leaks and credential theft remain persistent threats.
Read more »
Google Chrome security
Chromium Browser CVE CVE vulnerability Data Breach Data Leak Data Safety User Data data security Google Chrome Google Chrome security

Zero-Day Flaw in Chrome and Chromium Puts Windows and Linux Users at Data Risk

 

A newly revealed zero-day vulnerability identified as CVE-2025-4664 has triggered serious concerns for billions of Google Chrome and Chromium users. Security experts have warned that this flaw, which affects both Windows and Linux platforms, could be exploited to leak sensitive cross-origin data such as OAuth tokens and session identifiers—all without requiring any user action.  

The vulnerability has been discovered within the Loader component of Chrome and Chromium browsers. It is linked to how these browsers interpret the Link HTTP header for sub-resource requests such as images or scripts. While most mainstream browsers follow strict guidelines for handling such requests, Chrome’s unique behavior stands out. It continues to respect the referrer-policy directive even when loading sub-resources, which can unintentionally expose sensitive information. 

This default behavior can be manipulated by attackers. A malicious site could inject a loose policy like “unsafe-url,” which then forces the browser to reveal complete URLs—including potentially sensitive credentials or session data—to third-party servers. This results in a severe breach of user privacy and circumvents traditional browser security measures. Cybersecurity firm Wazuh has stated that their Vulnerability Detection module can identify and address this specific flaw. 

The module leverages information from their Cyber Threat Intelligence (CTI) service to monitor browser versions and trigger alerts when vulnerable builds are detected. In controlled testing using Wazuh OVA 4.12.0, researchers were able to scan systems running Windows 11 and Debian 11 to determine if they were running affected versions of Chrome or Chromium. According to Wazuh’s platform, users can search for the vulnerability by querying CVE-2025-4664. If vulnerable software is found, the module changes the system status from “Active” to “Solved” after the necessary fixes are applied, helping administrators track progress in real time. 

In response to the discovery, Google has issued an emergency patch for Chrome users on Windows and Gentoo Linux. It is strongly recommended that users on these operating systems update their browsers immediately to avoid exposure. However, users on Debian 11 who rely on Chromium remain at risk, as no updated version has been released for that platform. All Chromium builds up to version 120.0.6099.224 are still considered vulnerable. Until a patch is available, security professionals advise uninstalling Chromium on affected Debian systems as a precautionary measure. 

While these immediate actions are important, experts caution that relying solely on browser updates is not a comprehensive defense. The broader cybersecurity strategy must include the use of endpoint protection platforms, anti-malware systems, and modern antivirus tools. These security layers can help detect and neutralize threats that slip past browser-based defenses and provide a stronger safety net for users and enterprises alike. 

As browser-based zero-day threats continue to emerge, users must remain vigilant. Rapid patching combined with proactive cybersecurity tools offers the best chance of mitigating risks and maintaining a secure browsing environment.
Read more »
Sandboxing
Cookies data security Google Google Chrome Google Chrome browser Google Chrome security Privacy Privacy Sandbox Sandboxing

Google Ends Privacy Sandbox, Keeps Third-Party Cookies in Chrome

 

Google has officially halted its years-long effort to eliminate third-party cookies from Chrome, marking the end of its once-ambitious Privacy Sandbox project. In a recent announcement, Anthony Chavez, VP of Privacy Sandbox, confirmed that the browser will continue offering users the choice to allow or block third-party cookies—abandoning its previous commitment to remove them entirely. 

Launched in 2020, Privacy Sandbox aimed to overhaul the way user data is collected and used for digital advertising. Instead of tracking individuals through cookies, Google proposed tools like the Topics API, which categorized users based on web behavior while promising stronger privacy protections. Despite this, critics claimed the project would ultimately serve Google’s interests more than users’ privacy or industry fairness. Privacy groups like the Electronic Frontier Foundation (EFF) warned users that the Sandbox still enabled behavioral tracking, and urged them to opt out. Meanwhile, regulators on both sides of the Atlantic scrutinized the initiative. 

In the UK, the Competition and Markets Authority (CMA) investigated the plan over concerns it would restrict competition by limiting how advertisers access user data. In the US, a federal judge recently ruled that Google engaged in deliberate anticompetitive conduct in the ad tech space—adding further pressure on the company. Originally intended to bring Chrome in line with browsers like Safari and Firefox, which block third-party cookies by default, the Sandbox effort repeatedly missed deadlines. In 2023, Google shifted its approach, saying users would be given the option to opt in rather than being automatically transitioned to the new system. Now, it appears the initiative has quietly folded. 

In his statement, Chavez acknowledged ongoing disagreements among advertisers, developers, regulators, and publishers about how to balance privacy with web functionality. As a result, Google will no longer introduce a standalone prompt to disable cookies and will instead continue with its current model of user control. The Movement for an Open Web (MOW), a vocal opponent of the Privacy Sandbox, described Google’s reversal as a victory. “This marks the end of their attempt to monopolize digital advertising by removing shared standards,” said MOW co-founder James Rosewell. “They’ve recognized the regulatory roadblocks are too great to continue.” 

With Privacy Sandbox effectively shelved, Chrome users will retain the ability to manage cookie preferences—but the web tracking status quo remains firmly in place.
Read more »
Malware Attack
Chrome Cyber Attacks Cyble Cyble research data security Data Theft Google Chrome security Malware Attack

Sophisticated Malware Bypasses Chrome App-Bound Encryption Using Dual Injection

 

Researchers at Cyble have identified a highly advanced malware attack that successfully bypasses Google Chrome’s App-Bound Encryption. This security feature was designed to prevent infostealer malware from accessing user data, particularly cookies. 

However, the newly discovered malware employs dual injection techniques to circumvent these defenses, allowing cybercriminals to extract sensitive credentials. The attack begins with a deceptive file distribution method. The malware is embedded within a ZIP file disguised as a PDF document. 

When opened, it executes a malicious LNK shortcut file that creates a scheduled task, running every 15 minutes. Another component of the attack is an XML project file, which is designed to appear as a PNG image, further tricking users into engaging with the malicious content.  

To execute its payload, the malware exploits MSBuild.exe, a legitimate Microsoft development tool. This enables it to run directly in system memory without creating detectable files on the disk, making it much harder for traditional security solutions to identify and stop the attack. The use of fileless execution techniques ensures that the malware operates stealthily while maintaining persistence on an infected system. 

A key aspect of this attack is its dual injection approach. The malware employs both Process Injection and Reflective DLL Injection to execute malicious code within legitimate system processes. This method allows it to blend in with normal activity while avoiding detection. By targeting Chrome’s security framework, the malware can extract encrypted login data, cookies, and other sensitive browser-stored information. 

The malware also leverages the Telegram Web API for command and control communications. This connection enables threat actors to issue remote commands, modify bot configurations, and control infected systems with minimal interference. The dynamic bot ID switching feature adds an additional layer of stealth, ensuring continued access even if parts of the attack infrastructure are disrupted. Cyble researchers noted that the malware appears to be specifically targeting organizations in Vietnam, particularly those in the telemarketing and sales industries.

However, the method it uses could be adapted for broader campaigns, posing a risk to businesses and individuals globally. The initial infection method remains unclear, but it likely involves phishing emails or malicious downloads.  

To mitigate the risk of such attacks, Cyble recommends implementing strict email attachment filtering, restricting the execution of unverified files, and enhancing user awareness about phishing threats. 

Organizations should also deploy advanced security solutions capable of detecting fileless malware attacks. The research highlights the evolving nature of cyber threats and the need for proactive cybersecurity measures to safeguard sensitive data.
Read more »
Google Updates
Ad Blockers API Chrome Extensions Cyber Security Google Google Chrome Google Chrome security Google Updates

The Impact of Google’s Manifest V3 on Chrome Extensions

 

Google’s Manifest V3 rules have generated a lot of discussion, primarily because users fear it will make ad blockers, such as Ublock Origin, obsolete. This concern stems from the fact that Ublock Origin is heavily used and has been affected by these changes. However, it’s crucial to understand that these new rules don’t outright disable ad blockers, though they may impact some functionality. The purpose of Manifest V3 is to enhance the security and privacy of Chrome extensions. A significant part of this is limiting remote code execution within extensions, a measure meant to prevent malicious activities that could lead to data breaches. 

This stems from incidents like DataSpii, where extensions harvested sensitive user data including tax returns and financial information. Google’s Manifest V3 aims to prevent such vulnerabilities by introducing stricter regulations on the code that can be used within extensions. For developers, this means adapting to new APIs, notably the WebRequest API, which has been altered to restrict certain network activities that extensions used to perform. While these changes are designed to increase user security, they require extension developers to modify how their tools work. Ad blockers like Ublock Origin can still function, but some users may need to manually enable or adjust settings to get them working effectively under Manifest V3. 

Although many users believe that the update is intended to undermine ad blockers—especially since Google’s main revenue comes from ads—the truth is more nuanced. Google maintains that the changes are intended to bolster security, though skepticism remains high. Users are still able to use ad blockers such as Ublock Origin or switch to alternatives like Ublock Lite, which complies with the new regulations. Additionally, users can choose other browsers like Firefox that do not have the same restrictions and can still run extensions under their older, more flexible frameworks. While Manifest V3 introduces hurdles, it doesn’t spell the end for ad blockers. The changes force developers to ensure that their tools follow stricter security protocols, but this could ultimately lead to safer browsing experiences. 

If some extensions stop working, alternatives or updates are available to address the gaps. For now, users can continue to enjoy ad-free browsing with the right tools and settings, though they should remain vigilant in managing and updating their extensions. To further protect themselves, users are advised to explore additional options such as using privacy-focused extensions like Privacy Badger or Ghostery. For more tech-savvy individuals, setting up hardware-based ad-blocking solutions like Pi-Hole can offer more comprehensive protection. A virtual private network (VPN) with built-in ad-blocking capabilities is another effective solution. Ultimately, while Manifest V3 may introduce limitations, it’s far from the end of ad-blocking extensions. 

Developers are adapting, and users still have a variety of tools to block intrusive ads and enhance their browsing experience. Keeping ad blockers up to date and understanding how to manage extensions is key to ensuring a smooth transition into Google’s new extension framework.
Read more »
Google Chrome security
Browser Extension Browser Vulnerability Chrome Web Store Cyber Security data security Google Google Chrome Google Chrome security

Google Chrome Users at Risk: Study Reveals Dangerous Extensions Affecting 280 Million

 

A recent study has unveiled a critical security threat impacting approximately 280 million Google Chrome users who have installed dangerous browser extensions. These extensions, often masquerading as useful tools, can lead to severe security risks such as data theft, phishing, and malware infections. 

The research highlights that many of these malicious extensions request excessive permissions, granting them access to sensitive user data, the ability to monitor online activities, and even control over browser settings. This exposure creates significant vulnerabilities, enabling cybercriminals to exploit personal information, which could result in financial losses and privacy invasions. In response, Google has been actively removing harmful extensions from the Chrome Web Store. 

However, the persistence and evolving nature of these threats underscore the importance of user vigilance. Users are urged to carefully evaluate the permissions requested by extensions and consider user ratings and comments before installation. Cybersecurity experts recommend several proactive measures to mitigate these risks. Regularly reviewing and removing suspicious or unnecessary extensions is a crucial step. Ensuring that the browser and its extensions are updated to the latest versions is also vital, as updates often include essential security patches. Employing reputable security tools can further enhance protection by detecting and preventing malicious activities associated with browser extensions. 

These tools provide real-time alerts and comprehensive security features that safeguard user data and browsing activities. This situation underscores the broader need for increased cybersecurity awareness. As cybercriminals continue to develop sophisticated methods to exploit browser vulnerabilities, both users and developers must remain alert. Developers are encouraged to prioritize security in the creation and maintenance of extensions, while users should stay informed about potential threats and adhere to best practices for safe browsing. 

The study serves as a stark reminder that while browser extensions can significantly enhance user experience and functionality, they can also introduce severe risks if not managed correctly. By adopting proactive security measures and staying informed about potential dangers, users can better protect their personal information and maintain a secure online presence. 

Ultimately, fostering a culture of cybersecurity awareness and responsibility is essential in today’s digital age. Users must recognize the potential threats posed by seemingly harmless extensions and take steps to safeguard their data against these ever-present risks. By doing so, they can ensure a safer and more secure browsing experience.
Read more »
System Security
ARM architecture ARM TIKTAG attack Cyber Attacks Cybersecurity Data Leakage Google Chrome security Hacking Linux Vulnerability Memory Tagging Extension speculative execution attack System Security

New ARM 'TIKTAG' Attack Affects Google Chrome and Linux Systems

 

A newly identified speculative execution attack named "TIKTAG" exploits ARM's Memory Tagging Extension (MTE) to leak data with a success rate exceeding 95%, allowing hackers to circumvent this security feature.

This discovery was detailed in a paper by researchers from Samsung, Seoul National University, and the Georgia Institute of Technology. They demonstrated the attack on Google Chrome and the Linux kernel.

MTE, introduced in ARM v8.5-A architecture and subsequent versions, aims to detect and prevent memory corruption. It utilizes low-overhead tagging by assigning 4-bit tags to 16-byte memory chunks to ensure that the tag in the pointer matches the accessed memory region.

MTE operates in three modes: synchronous, asynchronous, and asymmetric, to balance security and performance.

The researchers identified two gadgets, TIKTAG-v1 and TIKTAG-v2, which leverage speculative execution to leak MTE memory tags efficiently. While leaking these tags doesn't directly reveal sensitive information such as passwords or encryption keys, it can potentially weaken MTE's defenses, making systems vulnerable to covert memory corruption attacks.

TIKTAG-v1 exploits CPU behaviors such as branch prediction and data prefetching to leak MTE tags, particularly affecting the Linux kernel functions involving speculative memory accesses, though kernel pointer manipulation is necessary.

The attack involves using system calls to trigger the speculative execution path and measuring cache states to infer memory tags.

TIKTAG-v2 exploits speculative execution's store-to-load forwarding, where a value stored to a memory address is immediately loaded from the same address. If the tags match, the value is forwarded, altering the cache state; if not, forwarding is blocked, leaving the cache state unchanged.

By probing the cache state post-speculative execution, attackers can deduce the tag check results.

The effectiveness of TIKTAG-v2 was demonstrated against the Google Chrome browser's V8 JavaScript engine, potentially exposing memory corruption vulnerabilities in the renderer process.

The researchers reported their findings to the affected parties between November and December 2023, receiving generally positive feedback but no immediate fixes. Their technical paper on arxiv.org suggests several mitigations:

1. Modify hardware design to prevent speculative execution from altering cache states based on tag check results.
2. Insert speculation barriers (e.g., sb or isb instructions) to block speculative execution of critical memory operations.
3. Add padding instructions to extend the execution window between branch instructions and memory accesses.
4. Enhance sandboxing mechanisms to strictly limit speculative memory access paths within safe memory regions.

ARM acknowledged the seriousness of the situation but did not view it as a compromise of the feature, noting that allocation tags are not intended to be secrets within the address space.

Chrome's security team recognized the issues but chose not to address the vulnerabilities, citing that the V8 sandbox is not designed to ensure the confidentiality of memory data and MTE tags. Additionally, Chrome does not currently enable MTE-based defenses by default, making it a lower priority for immediate fixes.

The MTE vulnerabilities in the Pixel 8 device were reported to the Android security team in April 2024 and were acknowledged as a hardware flaw qualifying for a bounty reward.
Read more »
Subscribe to: Comments (Atom)