The malicious extension has been called SHARPEXT by researchers at Volexity and impacts the Chromium-based web browsers, Chrome, Edge, and can steal email from Gmail. Cyberspies use Google Chrome extension to steal emails undetected (bleepingcomputer.com)
US Cybersecurity and Infrastructure Security Agency advisories on security updates – Chrome, Oracle, Drupal, Apple, Cisco and Atlassian
CISA has issued advisories on the following: Google Releases Security Updates for Chrome | CISA Drupal Releases Security Update | CISA Oracle Releases July 2022 Critical Patch Update | CISA Apple Releases Security Updates for Multiple Products | CISA – SANS had a good round-up of these updates here. Cisco …
Anonymous browsing – not anymore
Researchers from the New Jersey Institute of Technology have written a paper, which they will present at the Usenix Security Symposium in Boston, demonstrating how threat actors (or governments or law enforcement) could de-anonymise a users from their browsing habits. The attackers would analyse browsing activity and state to determine …
CISA adds one known vulnerability to it’s database for Microsoft Windows
The US Cybersecurity and Infrastructure Security Agency has added one new vulnerability to it’s Known Exploited Vulnerabilities Catalog for a Microsoft Windows privilege escalation vulnerability – this has been addressed in Microsoft’s July 2022 Patch Tuesday. CISA Adds One Known Exploited Vulnerability to Catalog | CISA
WebRTC zero-day fix available for Microsoft Edge
Better late than never… WebRTC zero-day fix lands in Microsoft Edge • The Register Actively exploited zero-day flaw in Google Chrome now patched – is yours? Could you check? – Smart Thinking Solutions