Google Archives - Page 4 of 12 - Cyber Security Minute

Google Patches Third Actively Exploited Chrome Zero-Day of 2022

Issued by: Security Week

Tracked as CVE-2022-1364 and considered “high severity,” the exploited security hole is described as a type confusion in the V8 JavaScript and WebAssembly engine. Attacks targeting type confusion bugs in Chrome’s V8 engine may lead to arbitrary code execution. All Chromium-based browsers are impacted. “Google is aware that an exploit for CVE-2022-1364 exists in the…

Vulnerabilities

Google Patches Critical Vulnerability With Chrome 99 Update

Issued by: Security Week

The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw. Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a…

Vulnerabilities

Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days

Issued by: Security Week

Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed. Per Google Project Zero’s policy, vendors have 90 days to address the security errors, but they can also request a…

Application Security

Google Cuts User Account Compromises in Half With Simple Change

Issued by: Dark Reading

More than 150 million Google users have seen their chance of compromise drop by half following the adoption of two-step verification, a process where users logging in to a Google service will be asked to respond to a push notification sent to a second device, the company said today. The result is an early sign…

Application Security

When Multifactor Authentication Is Compromised: Fighting Back With AI

Issued by: Dark Reading

Multifactor authentication (MFA) became mainstream in 2021. Google began pushing to make MFA its default for all users. The Biden administration even required all federal agencies and contractors to implement MFA in its Executive Order on Improving the Nation’s Cybersecurity. MFA adds in extra layers of verifying a user’s identity so that attackers cannot compromise…

Vulnerabilities

Google Patches 27 Vulnerabilities With Release of Chrome 98

Issued by: Security Week

The most severe of these security defects could be exploited to execute arbitrary code with the same privileges as the Chrome browser has on the target system. Of the 19 flaws, eight carry a severity rating of high, 10 are considered medium severity, and one low risk. More than half of the externally reported vulnerabilities…

Network Security

Web-Tracking ‘Cookies’ Meant to Protect Privacy: Inventor

Issued by: Security Week

California-based engineer and entrepreneur Lou Montulli said the original “cookie” he created decades ago was intended to make life online easier by letting websites remember visitors. Yet the technology has become a lightning rod, attacked for helping tech companies collect data on consumers’ habits key to the targeted web ad business that makes many billions…

Vulnerabilities

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update

Issued by: Security Week

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues. There were 12 use-after-free bugs reported externally, impacting Safe Browsing, Site isolation, Web packaging, Omnibox, Printing, Vulkan, Scheduling, Text Input Method Editor, Bookmarks, Optimization Guide, and Data Transfer. The most…