Information Technology

Kyle Kucharski/ZDNETIf you’re using Google’s Chrome browser, it’s time to update it — and fast.Google confirmed this week that it has released Chrome 125 for Windows, Mac, and Linux. The update includes a range of patches to security flaws, including a zero-day exploit called CVE-2024-4947. Zero-day exploits are vulnerabilities in software that malicious actors may know about and can easily target users because the software maker has yet to patch the flaw. And if that sounds familiar, it’s because Google released another patch last week to fix another zero-day exploit.Also: Meet Hackbat: An open-source, more powerful Flipper Zero alternativeCVE-2024-4947 refers to “Type Confusion in V8” Javascript. The flaw, which was discovered by security researchers Vasily Berdnikov and Boris Larin at security company Kaspersky, could enable hackers to target individual users and cause their browsers to crash. It could also be used to execute code that could put their data at risk.For its part, Google shared a few precious details about the flaw, saying instead that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.” The company added that it’s “aware that an exploit for CVE-2024-4947 exists in the wild,” but it stopped short of providing details. More

Kerry Wan/ZDNETGoogle’s Android 15 is launching later this year. But Google is already talking about some of the important security updates users can expect when it’s made available.The tech giant said on Wednesday that it’s planning a host of security updates for Android 15 and its Google Play marketplace that could ultimately improve user security. In a blog post, Dave Kleidermacher, vice president of engineering, Android security, and privacy, said his company is committed to ensuring “user safety is a top priority.” The updates unveiled in his blog post center mainly on “fraud and scam protection features” that will close some of the loopholes malicious actors use to target Android users.Also: 5 exciting Android features Google just announced at I/O 2024That said, the updates will be coming to Android 15, an operating system that Google is currently testing in beta and won’t be made available to its entire user base until later this year. So, while the updates will undoubtedly help some users, their effect won’t be felt until Android 15 launches sometime this fall. More

JuSun/Getty Images A hacker who calls himself Menelik has taken credit for not one but two recent data breaches against PC maker Dell. In the first attack as reported by TechCrunch, he claims to have accessed a Dell online portal through which he stole customer names, physical addresses, and order information. Staging a second attack […] More

Richard Sharrocks/Getty Images For years, some of the world’s biggest tech companies have been shielded from lawsuits by Section 230 of the Communications Decency Act. But newly proposed legislation could change that — and have major implications for tech companies themselves. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Ranking Member Frank […] More

Pablo Trujillo Like the Flipper Zero but want something a little more powerful? Then this open-source penetration testing tool may be for you. But you will have to build it yourself.  Or more accurately, you will have to get a company that prints circuit boards and adds the components to build one for you. That […] More

Is there a Bluetooth tracker surreptitiously monitoring your location? Your smartphone can now alert you. Maria Diaz/ZDNETIn May 2023, Google and Apple announced they were joining forces to unveil a new specification aimed at enhancing user privacy with Bluetooth-enabled tracking devices. This initiative is designed to prevent people from using these devices to track others without their consent, marking a significant step towards safeguarding personal privacy in the digital age.In a joint statement yesterday, both companies announced that an alerting mechanism is being rolled out to iOS and Android users.Also: The best AirTag accessories you can buyThis capability is rolling out in iOS 17.5 for iPhone users and to Android 6.0+ devices. This will alert users if someone else’s AirTag, Find My Device network-compatible tracker tag or other industry specification-compatible Bluetooth tracker is moving about with them. When a tracker that is not registered on their device is detected moving with them over time, the device displays an alert: “[Item] Found Moving With You.”The potential victim has several options to address the situation. They can view the tracker’s identifier, activate a sound on the tracker to help locate it and access detailed instructions on how to disable it. This set of features is designed to empower individuals to protect themselves effectively against unwanted tracking, enhancing personal security and peace of mind. More

Jack Wallen/ZDNETGoogle plans to modify the built-in Password Manager in Chrome for Android to ensure passwords can’t be accidentally deleted. If you use Google Password Manager, you could find yourself in an unwanted situation where all your saved passwords are deleted when clearing browser data.Also: The best VPN services (and how to choose the right one for you)Android Police reported that Redditor /u/harish9294 switched from a more traditional password manager solution and opted for Google Password Manager for an “integrated and unified experience.” Unfortunately, that switch caused the user to lose all their saved passwords after clearing Chrome’s cached data. More

Jack Wallen/ZDNETGoogle has released a critical security update for the Chrome web browser. The zero-day flaw, CVE-2024-4671, is a “use-after-free” vulnerability in Chrome’s Visuals component.You might be asking, “what is Chrome’s Visuals component?” In short, it’s the part responsible for rendering and displaying content in the browser. Everyone uses a browser to open content, so everyone’s vulnerable.Specifically, the vulnerability enables an attacker to exploit out-of-bounds memory access. In English, that means if you go to a website with a malicious webpage, it can foul up your computer. It doesn’t matter if your machine’s running Linux, macOS, or Windows. This security hole is an equal-opportunity troublemaker.Also: 5 ways to declutter your Chrome browser – and take back control of your tab lifeDiscovered by an anonymous researcher and reported directly to Google, CVE-2024-4671 has a Common Vulnerability Scoring System (CVSS) rating of 8.8, which means it’s a serious vulnerability.It could be worse — ratings above 9.0 are critical, aka Fix It Right Now — but this is bad enough. An attacker can use this flaw to read data from your computer, cause crashes, and even take over a PC. In short, it’s bad news.What really makes this one a stinker is that it’s being exploited now. The advisory notes that Google is aware that an exploit for CVE-2024-4671 exists in the wild. More