The most important of these issues is CVE-2023-3214, a critical use-after-free flaw in Autofill payments. The issue was reported by Rong Jian of VRI, Google notes in its advisory. Use-after-free vulnerabilities are a type of memory corruption bugs that occur when a pointer is not cleared after memory allocation has been freed. Such flaws may…

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE….

Google has added a new certification program aimed at training a new generation of cybersecurity professionals under its existing Google Career Certificates initiative. Google estimates there are currently more than 750,000 open cybersecurity jobs in the US alone, while meanwhile the rate of cyberattacks increased 38% globally. The new Google Cybersecurity Certificate program will offer…

Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. “Google is aware that an exploit…

Google’s Android security bulletin for April 2023 describes 26 vulnerabilities resolved in the Framework and System components as part of the 2023-04-01 security patch level. Most of these are high-severity flaws leading to elevation of privilege (EoP) or information disclosure. Two of the 16 issues addressed in System, however, are critical-severity RCE bugs, tracked as…

Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. In a statement on Tuesday, Google said it took action to block the installation of Pinduoduo on Android devices and said it would scan smartphones for malicious versions through its…

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG),…