Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

China Hijacks Captive Portals to Spy on Asian Diplomats

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

DARKReading
Open in Source
#google#chrome
🔍 Vulners Lookup – augmented CVE reality

🔍 Vulners Lookup – augmented CVE reality. Yesterday, VulnCheck unveiled a prototype Chrome/Chromium plugin that highlights CVE identifiers on any website and shows a popup with vulnerability details, including whether the vulnerability is in the VulnCheck KEV (an extended CISA KEV). ⚡️ The Vulners team saw this news, loved the idea, and built their own […]

US Government Seeks Medical Records of Trans Youth

Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere.

Clickjack attack steals password managers’ secrets

A clickjack attack was revealed this summer that can steal the credentials from password managers that are integrated into web browsers.

CVE-2025-9132: Chromium: CVE-2025-9132 Out of bounds write in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Fake Antivirus App Spreads Android Malware to Spy on Russian Users

Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming…

Fake Copyright Notices Drop New Noodlophile Stealer Variant

Morphisec warns of a new Noodlophile Stealer variant spread via fake copyright phishing emails, using Dropbox links and…

CVE-2025-8882: Chromium: CVE-2025-8882 Use after free in Aura

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128

CVE-2025-8881: Chromium: CVE-2025-8881 Inappropriate implementation in File Picker

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128

CVE-2025-8880: Chromium: CVE-2025-8880 Race in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128