7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
chrome
Chrome 143 Patches High-Severity Vulnerabilities
Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine.
The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
Chrome 143 Update Patches 13 Security Vulnerabilities Allowing Arbitrary Code Execution
Google has released Chrome 143 to the stable channel, addressing 13 security vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update is now rolling out to Windows, Mac, and Linux users worldwide. The latest …
Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors
The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access.
The post Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors appeared first on SecurityWeek.
New “HashJack” attack can hijack AI browsers and assistants
Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice)…
Google patches yet another exploited Chrome zero-day (CVE-2025-13223)
Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About CVE-2025-13223 CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript a…
Chrome 142 Update Patches Exploited Zero-Day
The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor.
The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.
Chrome Zero-Day Type Confusion Flaw Actively Exploited in the Wild
Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to…
Chrome extension “Safery” steals Ethereum wallet seed phrases
Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web […]
Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases
Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects.
The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek.