Tag: chrome,
Google adds data loss prevention, security features to Chrome
Google today rolled out several new features for enterprise users of its Chrome browser, including data loss prevention (DLP), protections against malware and phishing, and the ability to enable zero-trust access to the search engine.
In all, Google highlighted six new features for Chrome – three of them specific to the browser’s existing DLP capabilities.
A new “context-aware” feature allows enterprise administrators to customize DLP rules based on the security posture of the device being used. For example, admins can allow users to download sensitive documents if they’re accessing them from a corporate device that’s up to date on security fixes or is confirmed to have endpoint protection software installed.
Compromised Sites Use Fake Chrome Update Warnings to Spread Malware
The campaign has been underway since November 2022, and according to NTT’s security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores…
If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. “An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update,” reads the fake Chrome error message. The scripts will then automatically download a ZIP file called ‘release.zip’ that is disguised as a Chrome update the user should install.
However, this ZIP file contains a Monero miner that will utilize the device’s CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:Program FilesGoogleChrome as “updater.exe” and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the “BYOVD” (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.
The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.
Read more of this story at Slashdot.
Google Releases Emergency Chrome Security Update
On Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google’s own Threat Analysis Group (TAG). This vulnerability is a ‘type confusion’ bug in the JavaScript engine for Chromium browsers useing the V8 Javascript engine. In short, type confusion is a bug that allows memory to be accessed with the wrong type, allowing for the reading or writing of memory out of bounds. The CVE page says that an attacker could create an HTML page that allows the exploitation of heap corruption.
While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking this as a “high” severity issue. This is likely due in part to the fact that “Google is aware that an exploit for CVE-2023-2033 exists in the wild.”
The article notes that Chrome updates are generally done automatically, but you can also check for updates by clicking Chrome’s three-dots menu in the top-right corner, then “Help” and “About Chrome.”
Read more of this story at Slashdot.
Chrome update makes browser 30% faster on high-end devices, but with a catch
Google Highlights Recent Speed Improvements Made to Chrome on Mac
Google says that with the latest release of Chrome, the company went “deep under the hood” to find new opportunities to increase speed and efficiency. Google implemented improved HTML parsing for select CSS and JavaScript functions, and added more efficient pointer compression.
Optimizations were made to how pointers are compressed and decompressed, with Google avoiding compressing high-traffic fields. With the frequency of those operations, there was a notable impact on performance. Frequently accessed objects like JavaScript’s “undefined” were also moved to the beginning of memory bases, which allows them to be accessed using faster machine code.
These changes have improved Chrome’s speed on Apple’s Speedometer 2.1 browser benchmark by 10 percent over the last three months. Google Chrome for Mac can be downloaded from the Google website.
This article, “Google Highlights Recent Speed Improvements Made to Chrome on Mac” first appeared on MacRumors.com
Discuss this article in our forums
Google Chrome Is Getting Faster
Google Chrome receives constant updates with new features and capabilities, and earlier this month, Chrome 112 started rolling out. Google has now detailed some of the performance improvements in that release.
Read This Article on How-To Geek ›
New Chrome beta brings advanced 3D graphics to the web with WebGPU
The best VPN extension for Chrome: Keep your browsing private and secure!
Google is Finally Bringing Live Translate Captions to Chrome
After nearly two years, Chrome browsers may soon finally get a feature that has thus far been restricted to Google Pixel phones. On Thursday, Reddit user and Chrome Canary beta tester Leopeva64 posted several screenshots and GIFs on the r/chrome subreddit showing off an upcoming Live Translate caption feature coming…