google chrome
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome […]
Chrome extensions with 6 million installs have hidden tracking code
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. These extensions are ‘hidden,’ meaning they don’t show up on Chrome Web Store searches, nor do search engines index them, and can only be installed […]
Google Chrome 136 fixes 20-year browser history privacy risk
Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users’ browsing history through the previously visited links. The problem arises from allowing sites to style links as ‘:visited,’ meaning showing them as another color instead of the default blue if a user had previously clicked on them. The system displays this color […]
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. “Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild,” the company said in a security advisory published Tuesday. Tracked as CVE-2025-2783, this vulnerability was discovered by Kaspersky’s Boris Larin […]
Malicious Chrome extensions can spoof password managers in new attack
A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. […]
Google Chrome disables uBlock Origin for some in Manifest v3 rollout
Google continues its rollout of gradually disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. For those unaware, Manifest V3 is Chrome’s latest extension specification and is designed to limit extension access to user network requests, block developers from utilizing remote content, […]
Google Chrome’s AI-powered security feature rolls out to everyone
Google Chrome has updated the existing “Enhanced protection” feature with AI to offer “real-time” protection against dangerous websites, downloads and extensions. As spotted by Leo on X, the update has been rolled out to Chrome’s stable channel on all platforms after three months of testing in Canary. Enhanced protection, which is part of the Safe Browsing feature, isn’t […]
Microsoft improves text contrast for all Windows Chromium browsers
Microsoft says it improved the contrast of text rendered in all Chromium-based web browsers on Windows, making it more readable on some displays. This was done by bringing the company’s enhanced text contrast and gamma correction into the Chromium open-source project, making enhanced font rendering available for all Windows Chromium-based browsers, including Google Chrome version […]
Google to kill Chrome Sync on older Chrome browser versions
Google announced that the Chrome Sync feature will be discontinued in early 2025 for Chrome versions older than four years. When enabled, Chrome Sync keeps users’ bookmarks, passwords, history, open tabs, settings, preferences, and, sometimes, Google Pay payment information. It also automatically signs users into Gmail, YouTube, Search, and other Google services. The move was […]
Google launches customizable Web Store for Enterprise extensions
Google has officially launched its Chrome Web Store for Enterprises, allowing organizations to create a curated list of extensions that can be installed in employees’ web browsers. Malicious Chrome extensions have long been a problem, with scammers and threat actors actively releasing or hijacking existing extensions to include malicious code. Last month, thirty-five extensions were compromised after […]