

Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome's sync feature to bypass firewalls. Let’s discuss them one by one.

First up, the Great Suspender, an extension with more than 2 million downloads from the Chrome Web Store, has been pulled from Google servers and deleted from users’ computers. The extension has been an almost essential tool for users with small amounts of RAM on their devices. Since Chrome tabs are known to consume large amounts of memory, the Great Suspender temporarily suspends tabs that haven’t been opened recently. That allows Chrome to run smoothly on systems with modest resources.

Google's official reason for the removal is characteristically terse. Messages displayed on devices that had the extension installed say only, “This extension contains malware” along with an indication that it has been removed. A Google spokesman declined to elaborate.

Next, Google on Thursday released a Chrome update that fixes what the company said was a zero-day vulnerability in the browser. Tracked as CVE-2021-21148, the vulnerability stems from a buffer overflow flaw in V8, Google’s open source JavaScript engine. Once again, Google provided minimal information about the vulnerability, saying only that the company “is aware of reports that an exploit for CVE-2021-21148 exists in the wild.”

In a post published Friday by security firm Tenable, however, researchers noted that the flaw was reported to Google on January 24, one day before Google’s threat analysis group dropped a bombshell report that hackers sponsored by a nation-state were using a malicious website to infect security researchers with malware. Microsoft issued its own report speculating that the attack was exploiting a Chrome zero-day. Google has declined to comment on that speculation or provide further details about exploits of CVE-2021-21148.

Lastly, a security researcher reported on Thursday that hackers were using malware that abused the Chrome sync feature to bypass firewalls so the malware could connect to command and control servers. Sync allows users to share bookmarks, browser tabs, extensions, and passwords across different devices running Chrome.
