Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Google Trumpets US Federal Open Source Security Initiative

A bipartisan bill aims to create a usable framework for the use of open source components when building applications, which Google is urging the private sector to support.

DARKReading
Open in Source
#vulnerability#google#nodejs#git#pdf
Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1

Categories: News Tags: Google Chrome Tags: Chrome 110 Tags: Windows 7 Tags: Windows 10 Tags: Windows 11 Tags: Windows 8.1 Tags: Windows Subsystem for Android Tags: WSA Chrome will not be there for you when Microsoft ends its Extended Security Updates program for legacy Windows versions early next year. (Read more...) The post Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1 appeared first on Malwarebytes Labs.

Chrome Extensions Harboring Dormant Colors Malware Infect Over a Million PCs

By Waqas Among other capabilities, Dormant Colors malware can also inject ads into standard pages and append affiliate links to e-commerce websites to generate affiliate revenue. This is a post from HackRead.com Read the original post: Chrome Extensions Harboring Dormant Colors Malware Infect Over a Million PCs

Google Chrome Pays $57K (and Counting) in Bug Bounties for Latest Update

Chrome's Stable Channel 107 rollout includes security fixes from a slew of independent researchers, racking up nearly $60,000 in bounties.

CVE-2022-3474: GrpcRemoteDownloader sends credentials of all domains to remote assets API

A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.

CVE-2022-39360: Refactor password reset login for SSO users (#25819) (#25826) · metabase/metabase@edadf73

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login.

4 Reasons Open Source Matters for Cloud Security

When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.

Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the

Google Enters Into Stipulated Agreement to Improve Legal Process Compliance Program

Google admitted to loss of data responsive to 2016 search warrant and agreed to program enhancements, reporting obligations, and a first-of-its-kind Independent Compliance Professional.