Lucene search
K

125 matches found

ThreatPost
ThreatPost
added 2018/10/02 2:1 p.m.12 views

Google Cracks Down on Malicious Chrome Extensions in Major Update

Google on Monday announced major changes to its Chrome Web Store as the company tries to ax the malicious extensions that have continuously popped up on its platform over the years. The array of security improvements include a stricter extension review process, new code-readability requirements...

0.2AI score
Exploits0References5
The Hacker News
The Hacker News
added 2018/06/12 7:40 p.m.1 views

Google Blocks Chrome Extension Installations From 3rd-Party Sites

You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/06/12 7:40 p.m.171 views

Google Blocks Chrome Extension Installations From 3rd-Party Sites

You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/03 6:17 a.m.36 views

Google Bans Cryptocurrency Mining Extensions From Chrome Web Store

In an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users' awareness, Google has implemented a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. Over the past few months, we have seen a sudden...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/04 12:0 a.m.211 views

TPshop 后台代码执行漏洞

0x01 说明 TPshop开源商城系统 Thinkphp shop的简称 ,是深圳搜豹网络有限公司开发的一套多商家模式的商城系统。适合企业及个人快速构建个性化网上商城。包含PC+IOS客户端+Adroid客户端+微商城,系统PC+后台是基于ThinkPHP5 MVC构架开发的跨平台开源软件,设计得非常灵活,具有模块化架构体系和丰富的功能,易于与第三方应用系统无缝集成,在设计上,包含相当全面,以模块化架构体系,让应用组合变得相当灵活,功能也相当丰富。 下载地址:http://www.tp-shop.cn/Index/Index/download.html 目录大概结构 ├─index.p...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2017/01/24 8:32 a.m.7 views

Cisco Patches Critical Flaw in WebEx Chrome Plugin

A vulnerability in the Cisco WebEx Chrome Plugin, used by tens of millions for web conferencing in business environments, exposed computers to remote code execution. Cisco has begun releasing updates that patch the flaw, details of which were disclosed Monday by Google Project Zero researcher Tav...

8.1AI score
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2016/09/07 12:0 a.m.7 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the Chrome Web Store extension installation process is related to improper handling of the object’s existence time. Exploiting this vulnerability can allow a malicious actor to cause service failure the inability to use the resource after it is released or have other effects...

6.8CVSS7.7AI score0.00995EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2016/07/23 7:59 p.m.15 views

CVE-2016-1708

The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...

8.8CVSS9.1AI score0.00995EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2016/07/23 7:59 p.m.18 views

CVE-2016-1708

The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...

8.8CVSS7.3AI score0.00995EPSS
Exploits0References2
Prion
Prion
added 2016/07/23 7:59 p.m.10 views

Design/Logic Flaw

The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...

6.8CVSS7.5AI score0.00995EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2016/07/23 7:0 p.m.79 views

CVE-2016-1708

CVE-2016-1708 affects Google Chrome/Chromium’s Extensions subsystem, specifically the Chrome Web Store inline-installation path. The issue stems from not properly accounting for object lifetimes during progress observation, enabling a use-after-free scenario that can lead to a denial of service o...

8.8CVSS8.9AI score0.00995EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2016/07/23 7:0 p.m.29 views

CVE-2016-1708

Removed by vendor...

8.8CVSS9.3AI score0.00995EPSS
Exploits0
ThreatPost
ThreatPost
added 2016/07/19 1:13 p.m.8 views

Google Chrome Malware Leads to Sketchy Facebook Likes

Ever wonder how your mild-mannered friend’s Facebook feed suddenly got packed with lewd clickbait? That’s the question Maxime Kjaer was determined to answer when he noticed a friend’s Facebook feed peppered with Likes for sketchy link bait such as “Basic Kissing Tips”. “Intrigued, I decided to go...

0.8AI score
Exploits0References3
ThreatPost
ThreatPost
added 2016/04/18 12:11 p.m.18 views

Google Stresses Transparency in New Chrome Web Store Policies

Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has porte...

0.7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2016/03/08 12:0 a.m.40 views

Google Chrome Multiple Vulnerabilities (Mar 2016) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

10CVSS7.2AI score0.02451EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2016/03/08 12:0 a.m.31 views

Google Chrome Multiple Vulnerabilities (Mar 2016) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

10CVSS7.2AI score0.02451EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2016/03/07 3:22 a.m.8 views

chromium-browser: origin confusion in Extensions UI

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

4.3CVSS7.4AI score0.01146EPSS
Exploits0References5
OSV
OSV
added 2016/03/06 2:59 a.m.4 views

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

4.3CVSS6.7AI score0.01146EPSS
Exploits0References12
NVD
NVD
added 2016/03/06 2:59 a.m.15 views

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

4.3CVSS5.9AI score0.01146EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2016/03/06 2:59 a.m.21 views

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

4.3CVSS6.8AI score0.01146EPSS
Exploits0References2
Rows per page
Query Builder