google chrome
Google Chrome adds new security layer for Gemini AI agentic browsing
Google is introducing in the Chrome browser a new defense layer called ‘User Alignment Critic’ to protect upcoming agentic AI browsing features powered by Gemini. Agentic browsing is an emerging mode in which an AI agent is configured to autonomously perform for the user multi-step tasks on the web, including navigating sites, reading their content, […]
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as “ShadyPanda” has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, discovered by Koi Security, unfolded in distinct phases that gradually introduced additional malicious functionality, turning the browser extension from a legitimate tool into spyware. The ShadyPanda campaign consists […]
Google fixes new Chrome zero-day flaw exploited in attacks
Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. “Google is aware that an exploit for CVE-2025-13223 exists in the wild,” the search giant warned in a security advisory published on Monday. This high-severity vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine, reported last […]
Google Chrome to warn users before opening insecure HTTP sites
Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. Google Chrome also has an opt-in HTTPS-First Mode since 2021, which added the “Always Use Secure Connections” setting and attempts to connect to websites over HTTPS (HyperText Transfer Protocol […]
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome, exploited in Operation ForumTroll earlier this year, delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. Operation ForumTroll was uncovered by Kaspersky in March. The campaign targeted Russian organizations – media outlets, universities, research centers, government organizations, and financial institutions, with well-crafted invitations […]
Vidar Stealer 2.0 adds multi-threaded data theft, better evasion
Security researchers are warning that Vidar Stealer infections are likely to increase after the malware developer released a new major version with upgraded capabilities. According to an announcement from the developer this month, Vidar 2.0 has been rewritten in C, supports multi-threading data stealing, bypasses Chrome’s app-bound encryption, and features more advanced evasion mechanisms. Infostealer […]
Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities
The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. An estimated 1.8 million developers, the userbase for the two IDEs, are exposed to the risks. Ox Security researchers explain that both development environments are built on old software […]
Google patches sixth Chrome zero-day exploited in attacks this year
Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. While it didn’t specifically say whether this security flaw is still being actively abused in the wild, the company warned that it has a public exploit, a common indicator […]
OpenAI prepares Chromium-based AI browser to take on Google
OpenAI is testing an AI-powered browser that uses Chromium as its underlying engine, and it could debut on macOS first. My sources tell me that OpenAI has already started updating ChatGPT to power the Chrome rival. OpenAI is building an AI-powered tab selection, a new tab page, and a feature that allows the browser to […]
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. The vulnerability is identified as CVE-2025-6558 and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23. The security issue is […]