Google Chrome to let Isolated Web App access sensitive USB devices
    Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. As part of the WebUSB specification, there are certain interface classes that are protected from being accessed via web applications to prevent malicious scripts from accessing potentially sensitive data. The list of protected interface...
    By AFFA 2024-07-01 18:31:11 0 81
    Fake Google Chrome errors trick you into running malicious PowerShell scripts
    A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. The new campaign was observed being used by multiple threat actors, including those behind ClearFake, a new attack cluster called ClickFix, and the TA571 threat actor, known for operating as a spam distributor that sends large volumes of email, leading to malware and ransomware infections. Previous ClearFake attacks utilize...
    By AFFA 2024-06-18 20:07:55 0 126
    Over 90 malicious Android apps with 5.5M installs found on Google Play
    May 28, 2024   05:48 PM   5 Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa (aka "Teabot") is a banking trojan that targets over 650 applications of financial institutions in Europe, the US, the UK, and Asia. It attempts to steal people's e-banking credentials to perform fraudulent transactions. In...
    By AFFA 2024-05-30 18:46:42 0 98
    Frustration grows over Google's AI Overviews feature, how to disable
    May 19, 2024   01:43 PM   4 Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. Unfortunately, you can't. However, there are ways to turn it off using a new "Web" search mode, which we explain below. AI Overviews, also known as "Search Generative Experience," is Google's new search feature that summarizes web content using its in-house LLM...
    By AFFA 2024-05-20 20:03:21 0 194
    Google fixes fifth Chrome zero-day exploited in attacks this year
    May 10, 2024   04:08 AM   0 ​Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. The high-severity issue tracked as CVE-2024-4671 is a “user after free” vulnerability in the Visuals component that handles the rendering and display of content on the browser. CVE-2024-4671 was discovered and reported to Google by an anonymous researcher, while the...
    By AFFA 2024-05-10 18:19:40 0 125
    Google rolls back reCaptcha update to fix Firefox issues
    May 3, 2024   01:07 PM   1 Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. Yesterday, BleepingComputer received multiple reports that reCaptcha stopped working in the latest version of Mozilla Firefox, with the issues also reported on Twitter and Reddit. BleepingComputer tested reCaptcha on our devices and confirmed that the service no longer...
    By AFFA 2024-05-03 18:22:30 0 363
    Google now pays up to $450-Thousand Dollars for RCE bugs in some Android apps
    April 30, 2024   02:33 PM   0 Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. The company made these changes to the Mobile Vulnerability Rewards Program (Mobile VRP) and they apply to what it describes as Tier 1 applications. The list of in-scope apps includes Google Play Services,...
    By AFFA 2024-05-01 15:36:07 0 392
    Google rejected 2.28 million risky Android apps from Play store in 2023
    April 29, 2024   12:00 PM   0 Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user's security. Additionally, the tech giant reports that it identified and blocked 333,000 Google Play accounts that uploaded malware, fraudulent apps, or engaged in repeated grave policy violations. For comparison, in 2022, Google blocked 1.5 million "bad"...
    By AFFA 2024-04-29 18:46:17 0 163
    Google Meet opens client-side encrypted calls to non Google users
    April 24, 2024   11:44 AM   0 Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. Client-side encryption ensures that only people in the meeting have access to the data delivered through the application. Google Meet is part of the Google Workspace suite and provides users with secure video meetings and calls over the internet. The app has...
    By AFFA 2024-04-24 17:28:11 0 137
    Chrome Enterprise gets Premium security but you have to pay for it
    April 10, 2024   03:52 PM   1 Google has announced a new version of its browser for organizations, Chrome Enterprise Premium, which comes with extended security controls for a monthly fee per user. The product is a step up from Chrome Enterprise, now demoted to Chrome Enterprise Core, and provides threat and data protection, increased control options, and reporting capabilities. Extra security at a cost Google’s new security-enhanced alternative for...
    By AFFA 2024-04-11 15:47:14 0 194
    Google fixes two Pixel zero-day flaws exploited by forensics firms
    April 3, 2024   10:47 AM   1 Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. Although Pixels run Android, they receive separate updates from the standard monthly patches distributed to all Android device OEMs. This is due to their unique hardware platform, over which Google has direct control, and the exclusive features and capabilities. While the April...
    By AFFA 2024-04-03 17:54:13 0 198
    Google fixes one more Chrome zero-day exploited at Pwn2Own
    April 3, 2024   12:39 PM   0 Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. Tracked as CVE-2024-3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine. Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via...
    By AFFA 2024-04-03 17:50:41 0 231
    Google agrees to delete Chrome browsing data of 136 million users
    April 2, 2024   01:07 PM   0 Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. The case concerns a class-action lawsuit filed in June 2020 against Google, targeting the inadequate disclosure of data collection practices and lack of privacy controls in Chrome's Incognito mode. The...
    By AFFA 2024-04-02 21:36:33 0 168
    New Chrome feature aims to stop hackers from using stolen cookies
    April 2, 2024   02:08 PM   2 Google announced a new Chrome security feature called 'Device Bound Session Credentials' that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts. Cookies are files that websites use to remember your browsing information and preferences and automatically log you into a service or website. These cookies are created after you log into a service and verify multi-factor...
    By AFFA 2024-04-02 21:35:18 0 211
    Google Podcasts service shuts down in the US next week
    March 29, 2024   11:03 AM   0 U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. Google is currently sending in-app notifications to users in the U.S. that starting April 2nd they will no longer be able to use Google Podcasts and is recommending to export subscriptions to YouTube Music. The Google Podcasts streaming service launched...
    By AFFA 2024-03-30 17:22:44 0 165
More Articles
Read More
The Week in Ransomware - January 5th 2024 - Secret decryptors
January 5, 2024   05:16 PM   0 With it being the first week of the...
By AFFA 2024-01-07 16:41:00 0 359
Opera sees big jump in EU users on iOS, Android after DMA update
March 23, 2024   12:59 PM   0 Opera has reported a substantial...
By AFFA 2024-03-24 16:46:09 0 221
Windows 11 KB5034848 preview update adds USB 80Gbps support
February 29, 2024   02:00 PM   1 Microsoft has released the...
By AFFA 2024-03-01 19:01:46 0 341
Why (and how) threat actors target your Active Directory
June 5, 2024   10:01 AM   0 Microsoft Active Directory tops the...
By AFFA 2024-06-05 16:47:39 0 102
Malicious PowerShell script pushing malware looks AI-written
April 10, 2024   12:12 PM   0 A threat actor is using a PowerShell...
By AFFA 2024-04-11 15:54:30 0 169