Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Palo Alto, USA, 29th March 2025, CyberNewsWire

HackRead
Open in Source
#vulnerability#web#mac#google#git#oauth#auth#chrome
Vulnerability in most browsers abused in targeted attacks

A vulnerability has been found that can be exploited through every browser as long as its running on a Windows system

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

Money Laundering 101, and why Joe is worried

In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.

CVE-2025-2783: Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.93 3/26/2025 134.0.6998.177/.178

GHSA-785h-76cm-cpmf: Django TomSelect incomplete escaping of dangerous characters in widget attributes

### Summary User supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in browser as valid html tags. ### Details Attributes passed to the widget (such as `label_field`) containing `<`, `>`, and similar tokens are not fully escaped. This results in some raw values reaching the widget, and rendering in part or fully. For example, a label of: `"Test User <script>I can pass this to the label_field and it gets rendered</script>"` is rendered in the choices's label visually as `"Test User "` with the trailing space, and what appears as an un-executed script tag following it (which is visible when viewing source). The actual output rendered in the browser for this example is: `<div role="option" data-value="63f205b6" class="item" data-ts-item="">Test User <script>I can pass this to the label_field and it gets rendered</script></div>` The script tags appears to be valid in Chrome dev tool...

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a

How to Enter the US With Your Digital Privacy Intact

Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.

New Phishing Campaign Targets macOS Users with Fake Security Alerts

LayerX Labs reports a sophisticated macOS phishing campaign, evading security measures. Learn how attackers adapt and steal credentials from Mac users.

What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06)

This week on the Lock and Code podcast, we speak with Carey Parker about what Google Chrome knows about you.