serisec

Category: Chrome

  • Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones

    Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stable channel has been updated to version 148.0.7778.216/217 for Windows, 148.0.7778.215/216 for macOS, and…

  • Claude Desktop Reportedly Adds Browser Access Bridge to Multiple Chromium-Based Browsers

    Claude Desktop Reportedly Adds Browser Access Bridge to Multiple Chromium-Based Browsers A recent technical audit by privacy researcher Alexander Hanff has revealed that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge into the directories of several Chromium-based browsers. This undocumented behavior occurs without user consent, raising significant privacy and security concerns…

  • Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!

    Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now! Google has rolled out a crucial security update for its Chrome browser, addressing 31 vulnerabilities that could leave systems exposed to severe cyber threats. Released on April 15, 2026, this Stable Channel update requires immediate attention from users worldwide, as the most severe flaws…

  • Google Unveils Device-Bound Chrome Sessions in Anti-Cookie-Theft Move

    Google Unveils Device-Bound Chrome Sessions in Anti-Cookie-Theft Move Google officially announced the public rollout of Device Bound Session Credentials (DBSC) for Windows users on Chrome 146. According to the Google Account Security and Chrome teams, this major security update aims to eliminate session hijacking, a primary method for attackers to compromise user accounts. The feature…

  • Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code

    Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code Google has released Chrome 147 to the stable channel for Windows, Mac, and Linux, patching a sweeping set of security vulnerabilities — including two critical-severity flaws that could allow remote attackers to execute arbitrary code on targeted systems. The most severe vulnerabilities in this release are…

  • Chrome Security Update Fixes 8 Vulnerabilities Allowing Remote Code Execution

    Chrome Security Update Fixes 8 Vulnerabilities Allowing Remote Code Execution Google has rolled out an urgent security update for the Chrome browser to address eight high-severity vulnerabilities. These newly patched security flaws could allow threat actors to execute arbitrary code remotely, posing a significant risk to user data and system integrity. The stable channel is…

  • Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution

    Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The latest Stable channel update rolls out versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS, while Linux users will…

  • CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks

    CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks An urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious hackers are actively exploiting them in the wild. With the deadline for federal agencies to…

  • Chrome Security Update – Patch for 29 Vulnerabilities that Allow Remote Code Execution

    Chrome Security Update – Patch for 29 Vulnerabilities that Allow Remote Code Execution Google has officially released Chrome version 146 to the stable channel, delivering crucial security updates for Windows, Mac, and Linux users. Rolling out over the coming days, Chrome 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac addresses 29 security vulnerabilities. Many…

  • Malicious imToken Chrome Extension Caught Stealing Mnemonics and Private Keys

    Malicious imToken Chrome Extension Caught Stealing Mnemonics and Private Keys Socket’s Threat Research Team has discovered a malicious Google Chrome extension named “lmΤoken Chromophore” that actively steals cryptocurrency wallet credentials. Masquerading as a harmless hex color visualizer, the extension actually impersonates the popular non-custodial wallet brand imToken. Since its launch in 2016, imToken has served…

  • Malicious Chrome Extension Steals Facebook Business Manage 2FA Codes and Analytics Data

    Malicious Chrome Extension Steals Facebook Business Manage 2FA Codes and Analytics Data A malicious Chrome extension that claims to help Meta Business users quietly steals Facebook Business Manager 2FA codes and analytics data, putting high‑value ad accounts at risk of takeover. The extension, “CL Suite by @CLMasters” (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is still available in the Chrome Web…

  • Malicious Chrome AI Extensions Attacking 260,000 Users via Injected IFrames

    Malicious Chrome AI Extensions Attacking 260,000 Users via Injected IFrames A coordinated campaign is using malicious Chrome extensions that impersonate popular AI tools like ChatGPT, Claude, Gemini, and Grok. These fake “AI assistants” spy on users through injected, remote-controlled iframes, turning helpful browser add-ons into surveillance tools. More than 260,000 users have installed these extensions.…

  • 287 Chrome Extensions Exfiltrate Browsing History From 37.4 Million Users

    287 Chrome Extensions Exfiltrate Browsing History From 37.4 Million Users A massive data exfiltration operation involving 287 Chrome extensions that secretly steal browsing history from approximately 37.4 million users worldwide. According to research with alias qcontinuum1, the discovery represents roughly one percent of the global Chrome user base, highlighting a significant privacy breach affecting millions of…

  • Chrome Security Update – Patch for Critical Vulnerabilities that Enables Remote Code Execution

    Chrome Security Update – Patch for Critical Vulnerabilities that Enables Remote Code Execution Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected over the…

  • Critical Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code

    Critical Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code Google has released an emergency security update for Chrome to address a critical use-after-free vulnerability (CVE-2025-9478) in the ANGLE graphics library that could allow attackers to execute arbitrary code on compromised systems.  The vulnerability affects Chrome versions prior to 139.0.7258.154/.155 across Windows, Mac, and…

  • New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature

    New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature A critical vulnerability in the Linux kernel, identified as CVE-2025-38236, has exposed a flaw that could allow attackers to escalate privileges from within the Chrome renderer sandbox on Linux systems.  Google Project Zero researcher Jann Horn discovered the bug affects…

  • CISA Warns of Chrome 0-Day Vulnerability Exploited in Attacks

    CISA Warns of Chrome 0-Day Vulnerability Exploited in Attacks CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild.  The vulnerability, designated CVE-2025-6554, affects the Chromium V8 JavaScript engine and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, marking it as…

  • Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild

    Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors.  The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the…

  • Google Chrome’s Safe Browsing Now Protect 1 Billion Users With 300,000 Deep Scans

    Google Chrome’s Safe Browsing Now Protect 1 Billion Users With 300,000 Deep Scans In honor of Safer Internet Day, Google has announced a significant milestone in online security, more than 1 billion Chrome users are now safeguarded by the browser’s Enhanced Protection mode. This advanced security feature, introduced in 2020 as part of Google Safe…