ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings...

CVE-2024-23211

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings...

CVE-2023-42939

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report...

CVE-2020-9775

An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time...

Apple iPadOS and iPhone OS Information Disclosure Vulnerability

iPadOS is Apple's mobile operating system for iPad devices, which is based on iOS and optimized for iPad. iPhone OS is Apple's operating system for iPhone and iPod touch. Apple iPadOS and iPhone OS suffer from an information disclosure vulnerability that originates from the possibility that a...

Code injection

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings...

Cross-site Scripting (XSS)

nagvis is vulnerable to Cross-site Scripting XSS. An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link or visiting a malicious website. The malicious link or website would contain a specially crafted XSS payload, which would be injected into the NagVis...

Information Disclosure

firefox and thunderbird are vulnerable to Information Disclosure. An attacker could exploit this vulnerability by creating a malicious website that would contain a specially crafted off-screen canvas element. When the victim visited the website, the off-screen canvas element would be able to acce...

Information Disclosure

chromium is vulnerable to Information Disclosure. This vulnerability occurs when Chrome parses a specially crafted HTML page that contains a Custom Tabs link. If the page is valid, Chrome could be tricked into opening the link in a non-default Custom Tab which could allow the attacker to track th...

A Bug in iOS 15 Is Leaking User Browsing Activity in Real Time

Apple has known about the vulnerability, which also affects iPadOS 15 and Safari 15, since late November...

Bug in Safari browser leaks personal identifiers and browsing activity

By Deeba Ahmed The bug affects the Safari 15 browser for Mac and all versions of Safari on iOS 15 and… This is a post from HackRead.com Read the original post: Bug in Safari browser leaks personal identifiers and browsing activity...

Design/Logic Flaw

If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker able to make a direct network...

CVE-2021-23985

CVE-2021-23985 affects Mozilla Firefox prior to version 87. The issue involves the ability to alter certain about:config values (e.g., via malware on the user’s machine) that could enable Devtools remote debugging in a way that is unobtrusive to the user, allowing a remote attacker with direct ne...

CVE-2021-23985

If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker able to make a direct network...

Google Removes Chrome Extension Used in Banking Fraud

Google has removed from the Chrome Web Store a malicious browser extension used by criminals in Brazil to target corporate users with the aim of stealing banking credentials. The twist is that the attackers did their homework on their targets, learning via social networks whom inside an...

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser’s User Data Policy requiring all Chrome extension and app developers to disclose what data they collect...

Google Stresses Transparency in New Chrome Web Store Policies

Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has porte...

Stable Channel Update for Chrome OS

The Stable channel has been updated to 32.0.1700.95 Platform version: 4920.71.0 for all Chrome OS devices except Chromebook Pixel, which is expected in the upcoming days. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over t...

Firefox Add-on Spies on Google Search Results

Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on the user’s Google search results. The malicious Firefox extension, called “Adobe Flash Player 0.2,” injects ads into the user’s Google search results pages and even has the capability to monit...