ICT Security-Sécurité PC et Internet

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month.

The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Browsers

A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks.

The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Coinhive

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users’ computers by secretly mining for virtual cash.

The SafeBrowse plugin claims to let you surf the web without the nuisance of wasting time, waiting for annoying advertising pop-ups to disappear so you can, for instance, get your hands on a free download.

What you may not realise, however, is how SafeBrowse’s authors are planning to make money out of your use of their ostensibly “free” tool. That’s because the browser extension automatically mines for digital cryptocurrencies as it runs in your background.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

http://www.scoop.it/t/securite-pc-et-internet/?&tag=cryptocurrency+mining

Summary: Google Chrome version 21.0.1180.60 (21.0.1180.57 for Mac and Linux) is out, fixing 15 security vulnerabilities in the search giant's browser.

===> Strictly from a security perspective, you should upgrade as soon as possible. <===

Read more:

http://www.zdnet.com/google-chrome-21-is-out-7000001920/

Chrome Stable Update
Wednesday, February 15, 2012 | 12:00
Labels: Stable updates

The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash. More info on the Flash update is available from Adobe.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

===> UPDATE! <===

The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.

A vulnerability in Google’s Chromium-based browsers would allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code.

The bug (CVE-2020-6519) is found in Chrome, Opera and Edge, on Windows, Mac and Android – potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. Chrome versions 73 (March 2019) through 83 are affected (84 was released in July and fixes the issue).

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Browsers

Das Bundesamt für Sicherheit in der Informationstechnik (BSI) warnt vor drei Sicherheitslücken in Googles Chrome-Browser. Auch die Open-Source-Variante Chromium soll betroffen sein.
Zwei der Schwachstellen sind als kritisch eingestuft. Sie ermöglichen es Hackern, beliebigen Code auszuführen.

Nutzern, die noch nicht auf die aktuellen Versionen (jeweils 61.0.3163.100) umgestiegen sind, wird dringend angeraten, das Browser-Update durchzuführen. Betroffen von der Schwachstelle sind Systeme mit Windows (ab Windows XP), Macintosh (Mac OS X und macOS Sierra) sowie Linux und Chrome OS. Bei Letzterem ist der Browser integraler Bestandteil.

Laut BSI ermöglichen die Lücken "einem entfernten, nicht authentifizierten Angreifer" das Ausführen von beliebigem Code. So könnte etwa ein Denial-of-Service (DoS)- Angriff durchgeführt werden.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2012/05/02/get-smart-with-5-minutes-tutorialsit-securitypart-1-browsers/

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

If you're a Chrome user, and suddenly your browser looks a bit off and shows you pages that you would never visit, you've been hit with the Mutabaha Trojan.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2012/05/02/get-smart-with-5-minutes-tutorialsit-securitypart-1-browsers/