Google Archives - Cyber Security Minute

Google Settles Lawsuit Over Tracking ‘Incognito Mode’ Chrome Users

Issued by: Dark Reading

Google is settling a class-action lawsuit over how it tracks data from individuals using browsers in “private” or “incognito” mode. The plaintiffs in Brown et al v. Google LLC alleged that Google violated US federal laws regarding wiretapping and invasion of privacy, by continuing to track, collect, and identify browsing data from users of “Incognito…

News

Is China waging a cyber war with Taiwan?

Issued by: CSO Online

Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. With geopolitical tensions and a trade war acting as a backdrop, China-led cyberattacks on Taiwan are rising sharply, according to multiple security reports. In the latest report about alleged China-sponsored cyberattacks on Taiwan, Kate Morgan, a…

Network Security

Addressing AI and Security Challenges With Red Teams: A Google Perspective

Issued by: Dark Reading

In our digital world, the security landscape is in a constant state of flux. Advances in artificial intelligence (AI) will trigger a profound shift in this landscape, and we must be prepared to address the security challenges associated with new frontiers of AI innovation in a responsible way. At Google, we’re acutely aware of these…

Vulnerabilities

Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

Issued by: SecurityWeek

Portable computers running Google’s ChromeOS, Chromebooks have been in users’ hands since 2012, and have become one of the most used types of devices within the education sector. To prolong their lives and ensure they remain secure to use, Google said it plans to extend the automatic security updates period for some of these devices,…

Application Security

Google Fixes Chrome Zero-Day Exploited in the Wild

Issued by: DataBreach Today

Google released a fix on Monday for a Chrome zero-day. Like the three before it, this fourth Chrome zero-day vulnerability found in 2023 allows an attacker to remotely target a vulnerable version of the browser. An attacker could exploit the vulnerability to execute arbitrary code, mishandle the data in the browser’s memory and eventually crash…

Mobile Security

Google addressed an actively exploited zero-day in Android

Issued by: Security Affairs

Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…

Vulnerabilities

What Causes a Rise or Fall in Fresh Zero-Day Exploits?

Issued by: DataBreach Today

Why are so many fresh zero-day vulnerabilities getting exploited in the wild? A new study from Google says that last year, 41 new zero-day vulnerabilities were exploited in the wild. While that’s welcome news in terms of recent volume – it’s a 40% decrease from the all-time annual high of 69 in 2021 – it’s…

Vulnerabilities

Chrome 114 Update Patches Critical Vulnerability

Issued by: SecurityWeek

The most important of these issues is CVE-2023-3214, a critical use-after-free flaw in Autofill payments. The issue was reported by Rong Jian of VRI, Google notes in its advisory. Use-after-free vulnerabilities are a type of memory corruption bugs that occur when a pointer is not cleared after memory allocation has been freed. Such flaws may…

Mobile Security

Samsung Patches Memory Address Randomization Bypass Flaw

Issued by: DataBreach Today

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE….