Google

Pierluigi Paganini August 30, 2022
A new Google bug bounty program now covers Open Source projects

Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 […]

Pierluigi Paganini August 23, 2022
Microsoft publicly discloses details on critical ChromeOS flaw

Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger […]

Pierluigi Paganini August 17, 2022
Google fixed a new Chrome Zero-Day actively exploited in the wild

Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […]

Pierluigi Paganini July 19, 2022
Several apps on the Play Store used to spread Joker, Facestealer and Coper malware

Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. Researchers from security firms Pradeo discovered multiple apps spreading the Joker Android malware. The […]

Pierluigi Paganini May 19, 2022
Google OAuth client library flaw allowed to deploy of malicious payloads

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVS Score 8.7), that could be exploited by an attacker with a compromised token […]

Pierluigi Paganini February 15, 2022
Google fixes a Chrome zero-day flaw actively exploited in attacks

Google fixed a high-severity zero-day flaw actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. This is the first Chome zero-day fixed this year by Google. The zero-day […]

Pierluigi Paganini January 06, 2022
France hits Google, Facebook with fines over ‘Cookies’ management

The French data privacy and protection authority hit Google and Facebook with 210 million euros ($237 million) in fines. France’s National Commission on Informatics and Liberty (CNIL), the French data privacy and protection authority, hit Facebook and Google with 60 million euro ($68 million) and 150 million euro ($170 million) fines respectively. The CNIL fined […]

Pierluigi Paganini November 27, 2021
Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Italy’s antitrust regulator, Autorità Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each their “aggressive” data practices. Italy’s antitrust regulator, Autorità Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each their “aggressive” data practices and the lack of transparency on the use of […]

Pierluigi Paganini November 02, 2021
Google triples bounty for new Linux Kernel exploitation techniques

Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel. The payouts for privilege escalation exploits using a known vulnerability will be up to US$31,337, […]

Pierluigi Paganini September 13, 2021
New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins devised a transient side-channel attack on modern processors, “Spook.js,” that can be abused by threat actors to bypass Site Isolation protections implemented in Google Chrome and Chromium browsers. The technique allows in some cases to steal sensitive […]