FlagThis

Google Chrome has updated the existing Enhanced protection feature with AI technology to provide real-time protection against malicious websites, downloads, and browser extensions. This updated protection is part of Safe Browsing and enables real-time analysis of patterns to identify suspicious or dangerous webpages.

A zero-day exploit was discovered in the OAuth implementation for Google Chrome extensions. This vulnerability allowed malicious actors to insert malicious code into Chrome extensions via a phishing campaign. The security flaw was identified by SquareX researchers just days before a widespread attack, highlighting the critical need for improved browser security and proactive detection methods for zero day vulnerabilities. This incident led to the hijacking of multiple Chrome extensions, compromising user security.

The Glove Stealer malware employs a novel technique to circumvent Chrome’s App-Bound Encryption, enabling the theft of browser cookies and other sensitive data. This malware is written in .NET and targets browser extensions and locally installed software. The sophistication of this technique highlights the ongoing evolution of malware and the need for robust security measures.