Google patched 30 Chrome vulnerabilities, including four Critical flaws. Here’s what users should know and how to update Chrome and Firefox.

The post Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws appeared first on TechRepublic.

Malicious browser extensions disguised as TikTok downloaders compromised 130,000 users, exposing a growing blind spot in enterprise security.

The post Malicious TikTok Downloader Extensions Quietly Compromised 130K Users appeared first on TechRepublic.

A privacy expert warns Chrome still allows browser fingerprinting and tracking, raising concerns after Google’s shift away from third-party cookie changes.

The post Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks appeared first on TechRepublic.

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection.

The post Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft appeared first on TechRepublic.

See what you missed in Daily Tech Insider from April 6–10.

The post AI Expansion, Security Crises, and Workforce Upheaval Define This Week in Tech appeared first on TechRepublic.

Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and full device compromise.

The post Patch Now: Chrome Flaw Under Active Attack, Google Confirms appeared first on TechRepublic.

Google patches eight high-severity Chrome vulnerabilities affecting 3.5 billion users. Here’s why you should update and relaunch your browser now.

The post Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users: What You Need to Know appeared first on TechRepublic.

Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update.

The post Critical Chrome Security Flaws Threaten Billions of Users Worldwide appeared first on TechRepublic.

Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites.

The post Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files appeared first on TechRepublic.

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

The post Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets appeared first on TechRepublic.

Google released a Chrome security update patching three high-severity vulnerabilities, including memory flaws that could enable remote attacks.

The post Google Alerts Users to Serious Chrome Bugs With Takeover Risk appeared first on TechRepublic.

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

The post Chrome Vulnerabilities Allow Code Execution, Browser Crashes appeared first on TechRepublic.

A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting commissions without user consent.

The post Chrome Add-On Caught Stealing Amazon Commissions appeared first on TechRepublic.

Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future." Read more in my article on the Fortra blog.

Extensions installed on almost 1 million devices have been overriding key security protections to turn browsers into engines that scrape websites on behalf of a paid service, a researcher said.

The 245 extensions, available for Chrome, Firefox, and Edge, have racked up nearly 909,000 downloads, John Tuckner of SecurityAnnex reported. The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers. The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions.

Intentional weakening of browsing protections

Tuckner and critics say the monetization works by using the browser extensions to scrape websites on behalf of paying customers, which include AI startups, according to MellowTel founder Arsian Ali. Tuckner reached this conclusion after uncovering close ties between MellowTel and Olostep, a company that bills itself as "the world's most reliable and cost-effective Web scraping API." Olostep says its service “avoids all bot detection and can parallelize up to 100K requests in minutes.” Paying customers submit the locations of browsers they want to access specific webpages. Olostep then uses its installed base of extension users to fulfill the request.

Read full article

Comments

As many of us celebrated the year-end holidays, a small group of researchers worked overtime tracking a startling discovery: At least 33 browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices.

The compromises came to light with the discovery by data loss prevention service Cyberhaven that a Chrome extension used by 400,000 of its customers had been updated with code that stole their sensitive data.

’Twas the night before Christmas

The malicious extension, available as version 24.10.4, was available for 31 hours, from December 25 at 1:32 AM UTC to Dec 26 at 2:50 AM UTC. Chrome browsers actively running Cyberhaven during that window would automatically download and install the malicious code. Cyberhaven responded by issuing version 24.10.5, and 24.10.6 a few days later.

Read full article

Comments

© Getty Images