SecurityWeek

Chrome 146 Update Patches Two Exploited Zero-Days

Google has rushed out a Chrome 146 security update that patches two zero-day vulnerabilities exploited in the wild.

Google fixes two new Chrome zero-days exploited in attacks

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks.

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay protected.

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
heise online

Attacks on Chrome, Zimbra, ThreatSonar, and ActiveX module observed

Despite operating in a reduced capacity, the US cybersecurity agency CISA has issued a warning about ongoing attacks exploiting vulnerabilities in Chrome, Zimbra, ThreatSonar, and an ActiveX module.
InfoQ

Chrome 144 Ships Temporal API: Advancing JavaScript Date/Time Standardisation

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Ludi Akue discusses how the tech sector’s ...