Google Chrome to revoke notification access for inactive sites
Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven't been visited recently, to reduce alert overload. [...]
Stay updated on Google's info security advances, threats, and solutions. Protect your data with the latest insights from our dedicated Google security tag.
Search across headline titles and summaries.
Background for this topic.
Google is a technology company whose ecosystem includes internet services, cloud infrastructure, mobile software, browsers, and productivity platforms. In information security, the tag commonly covers vulnerabilities and security changes across these services, as well as Google’s role as an identity and data-processing provider for organizations.
Material risks include compromised Google accounts, overly permissive cloud identities or APIs, exposed stored data, and unpatched flaws in software such as Android or Chrome. Security teams should track relevant advisories, prioritize patches based on affected assets and exposure, enforce strong authentication and least-privilege access, and review logging for suspicious account or service activity. Google’s collection and processing of user, device, and organizational data also makes privacy controls, retention settings, contractual obligations, and regulatory compliance important. Its vulnerability-disclosure and threat-intelligence work can inform defensive monitoring, but does not replace asset inventory, configuration review, or tested recovery procedures.
Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven't been visited recently, to reduce alert overload. [...]
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products
GTIG highlighted indicators that Clop is behind the extortion campaign targeting Oracle EBS instances, with its activity likely beginning as early as August 9
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. [...]
Signs Point to Multiple Exploit Chains, One Including a Zero-Day, Being EmployedData-stealing attacks targeting Oracle E-Business Suite, for which an affiliate of Russian-speaking Clop ransomware group is claiming credit, appear to have begun by August and involved multiple attack chains, of which one targeted a zero-day vulnerability, report Google threat researchers.
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them
The Salesloft Drift breach shows attackers don't need to "hack Google" — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and protect data in Google Workspace. [...]
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model's behavior, and silently poison its data. [...]
Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. [...]