Security news aggregator

Latest coverage for Chrome

Stay updated with the latest Chrome security features, vulnerabilities, and updates to safeguard your information online.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Chrome is a web browser that processes and displays web content, executing complex web applications through its rendering engine and JavaScript runtime. Its architecture includes sandboxing techniques to isolate web pages and extensions, limiting their ability to affect the underlying system. Chrome’s extension framework allows third-party add-ons, which can introduce security risks if they request excessive permissions or contain malicious code.

Security concerns focus on vulnerabilities in Chrome’s engine or sandbox that could enable remote code execution or privilege escalation. Malicious or compromised extensions may access sensitive data or inject harmful scripts, making permission management critical. Timely patching of browser updates and monitoring for zero-day exploits are essential to maintain security, while features like site isolation help contain attacks originating from compromised web content or extensions. Understanding these aspects is key for protecting users from browser-based threats.

Showing 6 most recent headlines Filtered view

Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details about their browser.…

Krebs on Security 3 months ago

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited