125 matches found
Google Cracks Down on Malicious Chrome Extensions in Major Update
Google on Monday announced major changes to its Chrome Web Store as the company tries to ax the malicious extensions that have continuously popped up on its platform over the years. The array of security improvements include a stricter extension review process, new code-readability requirements...
Google Blocks Chrome Extension Installations From 3rd-Party Sites
You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome...
Google Blocks Chrome Extension Installations From 3rd-Party Sites
You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store. It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome...
Google Bans Cryptocurrency Mining Extensions From Chrome Web Store
In an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users' awareness, Google has implemented a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. Over the past few months, we have seen a sudden...
TPshop 后台代码执行漏洞
0x01 说明 TPshop开源商城系统 Thinkphp shop的简称 ,是深圳搜豹网络有限公司开发的一套多商家模式的商城系统。适合企业及个人快速构建个性化网上商城。包含PC+IOS客户端+Adroid客户端+微商城,系统PC+后台是基于ThinkPHP5 MVC构架开发的跨平台开源软件,设计得非常灵活,具有模块化架构体系和丰富的功能,易于与第三方应用系统无缝集成,在设计上,包含相当全面,以模块化架构体系,让应用组合变得相当灵活,功能也相当丰富。 下载地址:http://www.tp-shop.cn/Index/Index/download.html 目录大概结构 ├─index.p...
Cisco Patches Critical Flaw in WebEx Chrome Plugin
A vulnerability in the Cisco WebEx Chrome Plugin, used by tens of millions for web conferencing in business environments, exposed computers to remote code execution. Cisco has begun releasing updates that patch the flaw, details of which were disclosed Monday by Google Project Zero researcher Tav...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.
The vulnerability of the Chrome Web Store extension installation process is related to improper handling of the object’s existence time. Exploiting this vulnerability can allow a malicious actor to cause service failure the inability to use the resource after it is released or have other effects...
CVE-2016-1708
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...
CVE-2016-1708
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...
Design/Logic Flaw
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...
CVE-2016-1708
CVE-2016-1708 affects Google Chrome/Chromium’s Extensions subsystem, specifically the Chrome Web Store inline-installation path. The issue stems from not properly accounting for object lifetimes during progress observation, enabling a use-after-free scenario that can lead to a denial of service o...
CVE-2016-1708
Removed by vendor...
Google Chrome Malware Leads to Sketchy Facebook Likes
Ever wonder how your mild-mannered friend’s Facebook feed suddenly got packed with lewd clickbait? That’s the question Maxime Kjaer was determined to answer when he noticed a friend’s Facebook feed peppered with Likes for sketchy link bait such as “Basic Kissing Tips”. “Intrigued, I decided to go...
Google Stresses Transparency in New Chrome Web Store Policies
Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has porte...
Google Chrome Multiple Vulnerabilities (Mar 2016) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Multiple Vulnerabilities (Mar 2016) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
chromium-browser: origin confusion in Extensions UI
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...
CVE-2016-1640
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...
CVE-2016-1640
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...
CVE-2016-1640
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...