O'Grady's PowerPage

Tag: Chrome

  • Google releases update for Chrome web browser, patches seventh zero-day exploit for 2022

    Google releases update for Chrome web browser, patches seventh zero-day exploit for 2022

    You might want to update your version of the Google Chrome web browser when you get a chance.

    Google has released a critical Google Chrome update for the Mac and Windows desktop browsers is available that addresses an actively exploited vulnerability.

    The update brings the web browser to version 107.0.5304.87 for Mac and version 107.0.5304.87/.88 for Windows and patches Chrome against its seventh zero-day vulnerability this year. According to Bleeping Computer, the fix patches a bug associated with CVE-2022-3723, which is described as a type confusion bug in the Chrome V8 Javascript engine.

    Google didn’t provide much information about the bug or how it was exploited for security reasons. Users should update their Chrome browser to ensure they are protected from the latest vulnerabilities.

    You can use the following steps to update Chrome on Mac:

    • Launch the Chrome browser
    • Click on the icon for More — three vertical dots – at top right
    • Choose Help
    • Click on About Google Chrome
    • If it appears, click on Update Google Chrome
    • Note that if you have already updated to the latest available version then there won’t be an Update Google Chrome button.

    Stay tuned for additional details as they become available.

    Via AppleInsider and Bleeping Computer

  • Google announces that Stadia gaming service will close down in mid-January of 2023

    Google announces that Stadia gaming service will close down in mid-January of 2023

    As neat an idea as it was, Google Stadia is coming to an end.

    Google on Thursday announces that it will shut down its Stadia cloud gaming service, with access set to end in mid-January 2023. Google will be providing refunds for all hardware purchases, all game purchases, and all purchases of in-app add-on content made through the Stadia store.

    The streaming service was unable to gain the traction that the company was expecting, leading to its closure.

    Players will be able to access their games library and play through January 18, 2023. During the winding down process, some games may have gameplay issues, especially games requiring commerce, but the majority will “continue to work normally.”

    While customers will receive refunds for hardware purchases and all software transactions, Google will not be refunding Stadia Pro subscriptions:

    Google offered the following comment:

    “We will be offering refunds for all Stadia hardware purchases (Stadia Controller, Founders Edition, Premiere Edition, and Play and Watch with Google TV packages) made through the Google Store and software transactions (games and add-on purchases) through the Stadia store. Stadia Pro subscriptions are not eligible for refund, however you will be able to continue playing your games in Pro without further charges until the final wind down date.”

    Ahead of the shutdown, the Stadia store has closed off all commerce on the platform, including in-game transactions.

    Google Stadia launched in November of 2019. The service was designed to allow for cloud-based gaming across a range of devices, including PCs, Chromebooks, Macs, iPhones, and iPads.

    Stay tuned for additional details as they become available.

    Via MacRumors and Google

  • O.MG Elite device demonstrated at DEFCON, offers new hacking functionalities while disguised as Lightning cable

    O.MG Elite device demonstrated at DEFCON, offers new hacking functionalities while disguised as Lightning cable

    You might want to keep an eye out for this.

    A new version of the O.MG hacking tool has been released that looks like an unassuming Lightning cable, and can compromise a range of devices as well as inject commands, log keystrokes, and more.

    The O.MG Elite was recently demonstrated at the DEFCON cybersecurity conference in Las Vegas.

    “It’s a cable that looks identical to the other cables you already have,” creator MG said. “But inside each cable, I put an implant that’s got a web server, USB communications, and Wi-Fi access. So it plugs in, powers up, and you can connect to it.”

    Compared to previous versions of the O.MG Cable, the O.MG Elite offers expanded network functionalities that allow for bidirectional communication. The device can both listen for incoming commands from an attacker and send data from a device that it’s connected to back to a control server.

    Like other products sold by penetration testing company Hak5, the OM.G Elite can inject keystrokes that allow it to launch apps, download malware, or steal passwords saved in Chrome. It network functionalities allow it to send any data that it has stolen back to an attacker.

    These types of attacks require that the cable be physically plugged into a machine. Still, that physical access could allow an attacker to compromise a range of devices, from a Mac to an iPhone to an iPad.

    The O.MG Elite retails for $179.99, which likely puts it out of the price range of low-level scammers and makes it a tool for professionals, in other words.

    As always, be sure to use only cables you purchased yourself and be somewhat wary of accessories you find or that someone gives you.

    Stay tuned for additional details as they become available.

    Via AppleInsider and The Verge

  • Google releases updated version of Chrome web browser to offer emergency zero-day fix

    Google releases updated version of Chrome web browser to offer emergency zero-day fix

    It may be time to update your copy of Google Chrome again.

    Google has issued its third urgent update for Chrome, one that patches another zero-day vulnerability for its web browser.

    The update, which stands at version 100.0.4898.127, was released on Thursday in the Stable Update Channel for Google Chrome, and applies to the macOS, Windows, and Linux versions of the browser. Google has stated that the update will roll out over the coming days and weeks, albeit users may want to force the update earlier.

    The update includes a pair of security fixes, including a “type confusion” vulnerability designated as CVE-2022-1364. The bug was reported by a member of the Google Threat Analysis Group on April 13, with Google rapidly bringing out a fix for it.

    The bug in question, once performed, can cause either a browser to crash or trigger an error, which then has the power to allow arbitrary code to be executed.

    The type of bug is similar to an issue that Google patched on March 26, which involved another “type confusion” weakness in Chrome’s V8 JavaScript engine. Again, the latest exploit uses the same vector of the V8 JavaScript engine.

    Google has stated that the company “is aware that an exploit for CVE-202201364 exists in the wild,” a factor that contributed to the quick creation of a fix. While Google has held off on providing explicit details of the bug, it has stated that it is restricting access to that information until “a majority of users are updated” and therefore protected.

    The update to the new version can be performed automatically for the user, though it can be manually performed in macOS by selecting “Chrome” in the main menu followed by “About Google Chrome.” Once the update has been downloaded, click “Relaunch.”

    If you’ve tried the updated version of Google Chrome, please let us know about your experience in the comments.

    Via AppleInsider and The Register

  • Google Chrome updated to 99.0.4844.84, addresses several high-severity exploits

    Google Chrome updated to 99.0.4844.84, addresses several high-severity exploits

    It may be time to update your copy of the Google Chrome web browser.

    Google on Friday released an updated version of Chrome that includes a fix for a high-severity zero-day bug that made it into the browser. The update is available now for macOS.

    The Chrome Team said on Friday there was a “Stable Channel Update for Desktop” that brings Chrome up to version 99.0.4844.84 on macOS, as well as Windows and Linux. The update is important, as it fixes a high-severity bug in the browser.

    The issue, identified as CVE-2022-1096, is a “type confusion” weakness for Chrome’s V8 JavaScript engine. The bug was identified by an anonymous security researcher and details of the bug’s workings are being kept restricted until “a majority of users are updated with a fix.”

    Type confusion exploits refer to a bug that can crash a web browser due to the reading and writing of memory going outside of buffer boundaries. The exploits can cause crashes as well as be used by an attacker to execute code.

    Google has yet to say when it would reveal the exact details of the vulnerability.

    The update to the new version is available as an automatic update, though it can be manually performed in macOS by selecting “Chrome” in the main menu followed by “About Google Chrome.” Once the update has been downloaded, click “Relaunch.”

    Stay tuned for additional details as they become available.

    Via AppleInsider, Bleeping Computer, and chromereleases.googleblog.com