•   
  •   
  •   

Technology Google Chrome affected by serious security flaw

03:20  27 december  2019
03:20  27 december  2019 Source:   techradar.com

Chrome was hiding another major zero-day flaw

  Chrome was hiding another major zero-day flaw Vulnerability in Chrome has links to Lazarus GroupSecurity researchers from Kaspersky have detected a new vulnerability that can hijack a user's browser to inject malware that could lead to their entire system being put at risk.

Another serious security flaw has been found in the popular Google Chrome Internet browser. Known as Magellan 2.0, it is actually a set of five vulnerabilities relating to how Chrome uses the SQLite function to work with data. Discovered by researchers at the Tencent Blade Team

Google Chrome runs each instance separately. Malware or issues in one tab can not affect other open browser instances, and the browser is unable to write to or Almost as soon as Google released the public Beta version of the software security researchers began to identify flaws and vulnerabilities.

Another serious security flaw has been found in the popular Google Chrome Internet browser.

a close up of a computer: Google Chrome affected by SQLite vulnerabilities© Provided by TechRadar Google Chrome affected by SQLite vulnerabilities

Known as Magellan 2.0, it is actually a set of five vulnerabilities relating to how Chrome uses the SQLite function to work with data.

Discovered by researchers at the Tencent Blade Team, the Magellan 2.0 vulnerabilities come just after a year since the same team discovered a similar set of issues within the Chrome browser.

Chrome now warns you when your password has been stolen

  Chrome now warns you when your password has been stolen Chrome 79 arrives with better password protectionsYou can control this new functionality in the sync settings in Chrome, and Google is using strongly hashed and encrypted copies of passwords to match them using multiple layers of encryption. This allows Google to securely match passwords using a technique called private set intersection with blinding.

Google ’s new Chrome version 3.0 addresses two security flaws in the browser that two different researchers namely Inferno and Isaac Dawson Apart from Chrome , Inferno declares that the ATOM/RSS vulnerability also affects the Opera web-browser. According to him, he has found that the

After reporting the security leak, Google Chrome immediately provided a solution. It is crucial to update Google Chrome , these were serious security flaws . The security leak was present in a part of Google Chrome that is used to play audio and video files in the web browser.

  • New Chrome feature describes images on websites for you
  • The best Chrome VPN
  • How to enable dark mode on Google Chrome

SQLite flaws

These vulnerabilities all relate to how data input is validated by Chrome's built in SQL database, specially the way its WebSQL API changes JavaScript code into SQL commands.

At best any of these five vulnerabilities could have resulted in the Chrome browser crashing. At worst, the researchers claim the vulnerabilities could have allowed an attacker to set up a SQL operation to hijack some part of the browser functions, through remote code execution.

However, there's no need to panic as Tencent Blade have already notified Google and SQLite of the vulnerabilities, and these have been patched in the latest version of the Google Chrome browser.

Additionally, the Tencent Blade Team announced that they haven't detected any exploitation of the reported vulnerabilities against general internet users.

  • Stay safe online with the best antivirus software.

Via ZDnet

Google Chrome 81 will bring new AR and NFC features to the web .
Google late last week released a beta version of Chrome 81 for Android, Chrome OS, Linux, macOS, and Windows. Google's latest Chrome update isn't necessarily a must-have just yet, but the update does include a few new APIs which will ultimately provide developers with avenues to bring users a host of new and interesting features. First and foremost, Chrome 81 adds new support for augmented reality on the web, building upon functionality Google has been slowly but steadily adding to Chrome over the past few months. First and foremost, Google Chrome 81 includes a new Hit Test API that makes it easier to place objects in real-world environments.

—   Share news in the SOC. Networks

Topical videos:

usr: 5
This is interesting!