More stories

  • Update Chrome and Firefox now to patch these critical security flaws

    Whether you use Chrome, Firefox, or both, it’s time once again to update the browser to stay safe and secure while surfing the web. Released on Tuesday, the latest round of bug fixes for both programs resolves a number of nasty security flaws.

    Chrome users

    Chrome users will want to update the browser to version 31.0.6778.264/265 for Windows and Mac and version 131.0.6778.264 for Linux. This update includes fixes for four security vulnerabilities. The only flaw on the list that Google described is one for which the company paid $55,000 to the security researcher who discovered and reported it, a sign that it is critical. Known as CVE-2025-0291, this vulnerability cites a Type Confusion in Chrome’s V8 JavaScript engine. This kind of flaw could allow someone to remotely run malicious code through a specially crafted HTML page or even launch a Denial of Service attack on your computer.

    In squashing the other bugs, Google pointed to fixes based on internal audits, a software testing technique known as fuzzing, and other initiatives. The company said that many security flaws are found using such tools and techniques as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

    Firefox users

    On the Firefox front, version 134 of Mozilla’s browser includes fixes for 11 security vulnerabilities, three of which are rated high and the rest as moderate. One high-severity flaw known as CVE-2025-0244 affects Firefox on Android devices. The description for this one says that an attacker could spoof the browser’s address bar by redirecting the request to an invalid protocol, thereby directing you to a phony URL.

    The other two severe vulnerabilities affect both Firefox and Mozilla’s Thunderbird email client. Dubbed CVE-2025-0242 and CVE-2025-0247, respectively, these were both described by Google as memory safety bugs that showed evidence of memory corruption. Such bugs could allow a remote attacker to read or write code beyond the usual regions of memory. “We presume that with enough effort some of these could have been exploited to run arbitrary code,” Google added. With these critical security flaws in mind, you’ll want to update the browsers ASAP.

  • Buying a smart home device? Look for this new cybersecurity seal – here’s why

    If a proposal by the Federal Communications Commission goes through, it will soon be much easier for you to know which smart home products are secure.

    It’s called the ‘US Cyber Trust Mark’

    In an announcement today, the FCC revealed plans to create a voluntary program for smart device manufacturers. If companies meet certain cybersecurity standards, the product packaging will feature a special “US Cyber Trust Mark” logo.

    Not only will this help consumers make informed decisions and differentiate trustworthy products, the FCC says, but it should also encourage manufacturers to meet higher security standards.

    A White House briefing from 2023 about the same program said it would apply to smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, and more. Several companies have voiced support for the program, the briefing says, including Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics.

  • 5 browser extension rules to keep your system safe in 2025

    Ricardo Mendoza Garbayo/Getty Images

    Some people view browser extensions as a necessary piece of the puzzle, while others see them as a danger. So, how could something so small present such a problem for users? Consider a recent report by Vulnerable U about data loss prevention service Cyberhaven, which discovered a Chrome extension used by […]

  • This iOS 18 feature shares your photos with Apple for analysis. Should you be worried?

    Screenshot by Lance Whitney/ZDNET

    Want to learn more about a landmark, painting, animal, plant, food, or other object that you’ve snapped with your iPhone’s camera? Now you can, with an iOS 18.1 photo look-up feature called Enhanced Visual Search.

    By scanning and analyzing photos, this tool can categorize and even identify certain items via a web search. Enhanced Visual Search is also available on an iPad with iPadOS 18.1 and a Mac with MacOS Sequoia 15.1.

    Sounds great, right? Well, that depends. A similar feature called Visual Look Up first debuted with iOS 16, so this type of capability has been around for a couple of years. But Enhanced Visual Search is more advanced, as it shares your photos with Apple to help dig up the right details on the object. That difference has triggered privacy concerns among many people, especially since the sharing is enabled by default.

    How Enhanced Visual Search works

    Open a photo on your iPhone (or iPad or Mac) that contains an identifiable object. I chose a photo of the Statue of Liberty.

    If the item is supported by Enhanced Visual Search, the info icon at the bottom will display a small star in the upper left area. Tap the info icon, and the search will categorize the object as a landmark, artwork, animal, plant, or something else. Tap the Look Up option under the photo, and a web search will name the item and let you select any of the search results to learn more about it.

    But here’s the rub. To run that search, Apple needs to analyze the photo. Since there are potentially millions and millions of landmarks, animals, and other common items that could be a match, the analysis can’t be done on your device. That’s why the photos need to be shared with Apple and analyzed on its servers.

    With privacy in mind, Apple has anticipated concerns over photo sharing. On a web page entitled Photos & Privacy, the company explained how Enhanced Visual Search works:

  • Apple’s $95 million Siri settlement could mean a payout for you – here’s how much

    Maria Diaz/ZDNET

    Apple has settled a class action lawsuit in which tens of millions of users can expect a slice of the payout.

    Last Tuesday, the iPhone maker agreed to pay $95 million to settle a 2019 lawsuit claiming that Siri violated the privacy of Apple users by recording their conversations, as reported by Reuters.

    Lopez v. Apple, Inc.

    Known as Lopez v. Apple, Inc., the class action lawsuit was filed by three plaintiffs who alleged that Apple programmed Siri to intercept conversations even when no hot word, such as “Hey Siri,” was spoken. Further, the plaintiffs claimed that Apple violated their privacy by sharing recordings of the conversations with third-party contractors.

    Specifically, two of the plaintiffs said that mentioning Air Jordan sneakers and Olive Garden restaurants prompted ads for both products. The third plaintiff said he received ads for a surgical treatment after discussing it privately with his doctor.

    In settling the suit, Apple has denied any wrongdoing on its part. Before the plaintiffs and Apple users can receive their slice of the payout, the settlement must be approved by U.S. District Judge Jeffrey White in the Oakland, Calif., federal court.

  • McAfee’s new AI tool detects email and text scams before you fall for them

    SOPA Images/Getty Images

    As the number of scam messages and videos continues to rise, McAfee is introducing a new way to catch scams before you fall for them. The company’s AI scam detector, debuting at CES 2025, will provide McAfee customers with comprehensive protection against text, email, and video scams. […]

  • I found a malicious Chrome extension on my system – here’s how and what I did next

    Well, that wasn’t fun. Last week, Ars Technica ran a report about 33 Chrome extensions that have been found to have malware. And yeah, yesterday I found that I had one of them installed.

    You can read the Ars article for a list to check yourself. One seemed familiar: Reader Mode. It was intended to clear a page of all non-text to make it more readable, like Safari’s Reader Mode. I haven’t run it for quite some time, but the name was familiar.

    I went to my 3-dot menu in Chrome, then Extensions, then Manage Extensions. And there it was, right at the top of the page: “This extension contains malware.” Fortunately, the extension was switched off, but I have no idea when it became infected or whether it did any damage to the Chrome installs on my Macs or Windows machines.