Croatian security researcher Bojan Zdrnja has discovered a malicious Google Chrome extension which abuses Chrome Sync process and can help hackers steal user data by sending commands to infected browsers, bypassing traditional firewalls and other network defences. Zdrnja said that the malicious Chrome extension can communicate with command and control server and as a way to exfiltrate data from infected browsers.
Google’s Chrome v88 now gives an easy shortcut to identify weak passwords and quickly edit them. One has to click on the key icon that appears under the profile or can manually enter chrome://settings/passwords in the address bar. The new feature, which will be rolled out in coming weeks, makes it easier to update multiple usernames and passwords at one place. Google has also promised to roll out more privacy and security features throughout 2021.
Cyber Security firm Avast has identified malware hidden in as many as 28 third-party Google Chrome and Microsoft Edge extensions that could have impacted over 30 lakh people globally. The extensions are for platforms like Instagram, Facebook and Google Chrome. The malware, which is still active, has the functionality to redirect user’s traffic to ads or phishing sites and to steal personal data. Microsoft and Google Chrome teams are reportedly looking into the issue.
Tech industry heavyweights — Google, Box, Citrix, Dell, Imprivata, Intel, Okta, RingCentral, Slack, VMware, Zoom — launched the Modern Computing Alliance with the aim to “drive ‘silicon-to-cloud’ innovation for the benefit of enterprise customers. The alliance aims to create a new and modern computing platform to provide additional choice for integrated business solutions. Experts, however, opined that the alliance is all about helping enterprises adopt Chrome and Chrome OS.
Tech giant Google has advised users of Android smartphones to update the Chrome browser after it patched the third Zero-Day bug in the browser. The first two affected the desktop versions of the browser. The bug could be used by the attackers to bypass the Chrome security sandbox on Android devices and run code on the underlying OS. This was the third Chrome Zero-Day discovered by the Google Threat Analysis Group team in the past 14 days.
System administrator A Nikoci said that hackers may trick Google Drive users into downloading malware into their systems. Google lets users change file versions without checking if it’s the same type, allowing hackers to replace an original file with a malicious one. To make it worse, Chrome implicitly trusts Drive downloads and ignores if other antivirus software raises warning against it. This can lead to spear-phishing attacks as Drive files are sharable.
CERT-In has warned Google Chrome users of potential cybercrimes. The agency has asked users to immediately update their Chrome browsers to version 84.0.4147.89. It comes with 38 fixes, improvements against exploitable vulnerabilities. Reportedly, these vulnerabilities can enable remote attackers to execute malicious code, access sensitive info, launch a DDoS attack etc. Google, recently removed 70 malicious Chrome extensions that spied on users’ activities.
Chrome risked users’ data, lacking protection from spyware spying through 32M times downloaded extensions. It extracted users’ browsing history and info that gave access to login credentials. Google is avoiding any comments on this situation. However, the tech giant said that they removed the app earlier as soon as the breach was reported. The spyware carrying domains were bought from Israel-based Galcomm. They have denied their involvement in the activity.
Google has confirmed that Chrome was suffering from severe graphical glitches on MacOS. Users are vexed with mass horizontal blue lines appearing in the display. Apple and Google’s support forums are flooding with complaints. However, Google assures the unavailability of technical issues from their end, concluding, the loopholes exist with Apple. Meanwhile, users have disabled hardware acceleration in Chrome for a temporary workaround.