It's time to update Chrome — zero-day bug is being exploited in the wild by hackers
Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May.
As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in the V8 JavaScript and WebAssembly engines in Chrome.
It was initially reported on a week ago by members of Google's Threat Analysis group; Google has confirmed that it is being exploited in the wild though the company is not sharing much additional information at the time as they are waiting until more users have had an opportunity to patch their browsers.
In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.'
This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the band wagon to take advantage of the vulnerability before users are able to update the fix. However, reporting from The HackerNews, says that the flaw involved allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks.
Chrome does automatically update when new security patches become available, however users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Let the update finish then click Relaunch in order to make sure the patch has installed. The update versions are 137.0.7151.68/ .69 for Windows and macOS and version 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time Business News
17 minutes ago
- Time Business News
Magento 2 Custom Form Builder: A Developer's Guide to Extendability
Running an eCommerce business means constantly juggling customer data collection with seamless user experiences. Building custom HTML forms for Magento stores has always been a headache—hours of coding, testing, and debugging just to get a simple contact form working properly. Many store owners find themselves torn between hiring expensive developers and settling for basic, generic forms that fail to meet their specific needs. Most eCommerce platforms struggle with form creation because the process is unnecessarily complicated. Store owners need specialized forms for quote requests, manufacturer support inquiries, detailed product questions, and custom registration processes. The old way meant writing complex HTML, adding JavaScript validation, and wrestling with backend integrations. What should take a few hours often stretches into weeks of development time. The Custom Form Builder for Magento 2 completely changes this approach. Instead of treating form creation as a technical nightmare, it transforms the entire process into something anyone can handle—no coding experience required. This isn't some lightweight plugin that breaks when you actually need it. The extension handles everything from Magento Open Source 2.3.x all the way up to 2.4.x, plus Adobe Commerce and Adobe Commerce Cloud versions. Recent testing confirms that it works perfectly with Magento 2.4.7-p1 and PHP 8.3, so there are no concerns about future compatibility issues. The technical foundation is solid—it includes JavaScript-enabled browsers, proper PHP configurations, and sufficient server resources (a minimum of 2GB, although 4GB is recommended for optimal performance). Linux servers run it smoothly, while other operating systems may require minor adjustments. Nothing too complicated, but worth checking before installation. Forget about wrestling with HTML code or trying to figure out form styling. The visual builder enables anyone to create professional forms by simply dragging elements into their desired positions. There are 14 different input types available – text fields, dropdowns, checkboxes, radio buttons, file uploads, date selectors, and more. Each element can be customized, repositioned, and configured without touching a single line of code. The interface generates clean, standards-compliant HTML automatically. This means forms look professional and work consistently across different browsers and devices. No more worrying about broken layouts or compatibility issues. Bot attacks and spam submissions can quickly overwhelm any form system. The Custom Form Builder includes Google reCAPTCHA integration, which blocks automated submissions while maintaining a smooth experience for genuine customers. The security runs in the background—customers barely notice it, but spam bots get stopped cold. Form administrators can toggle security features on or off depending on their specific situation. Some forms may require maximum protection, while others can operate with lighter security settings. The flexibility is there when needed. Customer communication shouldn't require manual intervention for every form submission. The extension automatically handles auto-response emails, sending immediate confirmations to customers while notifying administrators about new submissions. Administrators have extensive control over email settings, including blind copy options, customizable sender configurations, and detailed tracking. The automation reduces manual work while maintaining professional communication standards. Customers receive instant confirmation, and administrators stay informed without the need for constant monitoring. Mobile traffic dominates eCommerce today, so forms that don't work properly on smartphones and tablets are essentially useless. The Custom Form Builder creates responsive forms that automatically adapt to any screen size. Whether customers are using phones, tablets, or desktop computers, the forms maintain their functionality and visual appeal. Cross-browser compatibility extends across all major browsers, eliminating the guesswork about whether forms will work for different user bases. The comprehensive approach means fewer support tickets and happier customers. Experienced developers appreciate clean, extendable code that doesn't fight against customization efforts. The extension's architecture supports additional functionality development while maintaining system stability. The codebase follows Magento standards, making it easy to understand and modify as needed. Third-party theme and extension compatibility rarely requires major adjustments. When minor conflicts do arise, the support team handles issues requiring up to two hours of resolution time. For more complex integrations, paid development support is available for extensive customizations. Creating forms is only half the battle—understanding the data they collect is equally important. The extension captures comprehensive submission information, including referral URLs when enabled. This data provides valuable insights into customer behavior patterns and form performance metrics. Administrative controls cover data retention policies, notification preferences, and confirmation pop-up behaviors. The granular settings ensure forms align with specific business requirements without unnecessary complexity. Setting up forms shouldn't require a computer science degree. The extension generates embedding codes automatically, making it simple to place forms anywhere on the store. Whether forms need to appear on product pages, contact sections, or custom landing pages, the deployment process stays straightforward. Strategic form placement becomes easier when technical barriers disappear. Marketing teams can test different locations and approaches without waiting for developer availability. Hiring developers for custom form creation often costs thousands of dollars and takes weeks to complete. The Custom Form Builder eliminates these expenses while delivering professional results immediately. The pricing includes lifetime source code access, one-year technical support, and compatibility updates—significantly more value than traditional development contracts. Time savings extend beyond initial development. Form modifications that previously required developer involvement can now be handled in-house, reducing ongoing maintenance costs and speeding up response times for business changes. Magento and PHP continue evolving rapidly, making future compatibility a constant concern. The Custom Form Builder maintains regular update schedules that keep pace with platform changes. Recent releases demonstrate a consistent commitment to supporting new versions and security enhancements. The stable release history and comprehensive version support provide confidence for long-term planning. Businesses can invest in form infrastructure, knowing their tools will adapt to future platform requirements without major disruptions. Extensions that work perfectly in testing environments sometimes fail under real-world conditions. The Custom Form Builder has been extensively tested with standard Magento installations across various hosting environments. The development team maintains testing environments that mirror typical store configurations, ensuring compatibility with common setups. Performance optimization focuses on form loading speed and submission processing. Forms remain responsive even during high-traffic periods, maintaining customer experience quality when it matters most. Choosing the right form builder means balancing functionality, ease of use, and technical requirements. The Custom Form Builder addresses common pain points that plague other solutions—limited customization options, poor mobile support, security vulnerabilities, and complex setup processes. The combination of drag-and-drop simplicity with developer-grade features creates a solution that grows with business needs. Small stores can start with basic forms and expand functionality as requirements evolve, while larger operations can implement complex data collection strategies immediately. E-commerce form requirements continue to become more sophisticated as businesses seek deeper customer insights and more personalized experiences. The Custom Form Builder's flexible architecture and regular updates position it well for handling emerging requirements without forcing complete system replacements. For Magento store owners tired of choosing between expensive custom development and inadequate generic solutions, this extension offers a practical middle ground that delivers professional results without the traditional complexity and costs associated with custom development. TIME BUSINESS NEWS
New York Times
an hour ago
- New York Times
Anthropic C.E.O.: Don't Let A.I. Companies off the Hook
Picture this: You give a bot notice that you'll shut it down soon, and replace it with a different artificial intelligence system. In the past, you gave it access to your emails. In some of them, you alluded to the fact that you've been having an affair. The bot threatens you, telling you that if the shutdown plans aren't changed, it will forward the emails to your wife. This scenario isn't fiction. Anthropic's latest A.I. model demonstrated just a few weeks ago that it was capable of this kind of behavior. Despite some misleading headlines, the model didn't do this in the real world. Its behavior was part of an evaluation where we deliberately put it in an extreme experimental situation to observe its responses and get early warnings about the risks, much like an airplane manufacturer might test a plane's performance in a wind tunnel. We're not alone in discovering these risks. A recent experimental stress-test of OpenAI's o3 model found that it at times wrote special code to stop itself from being shut down. Google has said that a recent version of its Gemini model is approaching a point where it could help people carry out cyberattacks. And some tests even show that A.I. models are becoming increasingly proficient at the key skills needed to produce biological and other weapons. None of this diminishes the vast promise of A.I. I've written at length about how it could transform science, medicine, energy, defense and much more. It's already increasing productivity in surprising and exciting ways. It has helped, for example, a pharmaceutical company draft clinical study reports in minutes instead of weeks and has helped patients (including members of my own family) diagnose medical issues that could otherwise have been missed. It could accelerate economic growth to an extent not seen for a century, improving everyone's quality of life. This amazing potential inspires me, our researchers and the businesses we work with every day. But to fully realize A.I.'s benefits, we need to find and fix the dangers before they find us. Every time we release a new A.I. system, Anthropic measures and mitigates its risks. We share our models with external research organizations for testing, and we don't release models until we are confident they are safe. We put in place sophisticated defenses against the most serious risks, such as biological weapons. We research not just the models themselves, but also their future effects on the labor market and employment. To show our work in these areas, we publish detailed model evaluations and reports. Want all of The Times? Subscribe.
Business of Fashion
an hour ago
- Business of Fashion
The Year Pride Went Beige
For the past half-decade, Connor Clary has racked up tens of millions of TikTok likes for his sardonic reviews of branded Pride collections. In previous years, he poked fun at what he dubs a 'rainbow barf' aesthetic, including a Target shirt saying, 'Sorry, can't think straight' with a picture of a rainbow-hued brain or a bright green boilersuit with the word 'Gay' plastered in yellow across the back. This year, the theme of many corporate Pride efforts could best be described as 'in the closet,' he said. Clary has reviewed a beige Target Pride collection called 'New Neutrals,' dark denim jorts from Abercrombie & Fitch and a 'bizarre' number of other items that could easily pass for non-Pride clothing. It's not just fewer rainbow tank tops. Obvious political statements, envelope-pushing looks by LGBTQ+ artists, casting of trans models in campaigns and defiance of gender norms are rarer this year. Influencers and LGBTQ+ activists have rolled their eyes at corporate Pride celebrations for years, viewing these efforts as rainbow-washing — latching onto the cause mostly for its marketing potential — or just plain tacky. But the subdued tenor to 2025 Pride merch comes as many brands are avoiding public engagement with progressive causes amid a backlash by right-wing activists and the Trump administration, which has shaken the private sector by declaring DEI efforts unlawful and threatening to release a list of 'woke companies.' In one survey by Gravity Research, a risk management firm, 39 percent of corporate leaders said they planned to reduce 2025 Pride activities, with 61 percent citing fear of retaliation from Trump as a reason. LGBTQ+ youth nonprofit The Trevor Project 'has seen a dip in support from corporate partners this year,' said a spokesperson, and many cities' Pride parade organisers report a steep drop in sponsorships. Steering clear of rainbow T-shirts has its own risks. Target's sales are down from last year due in part to its public retreat from diversity efforts, chief executive Brian Cornell acknowledged in a May earnings call. Nike raised eyebrows last year for not releasing a Pride collection for the first time since 1999; this year it's back with sneakers in collaboration with a pair of WNBA stars (Nike-owned Converse is also out with its usual colourful collection of canvas shoes). A retreat from LGBTQ+ rights can not only alienate customers but also hurt recruitment, creative partnerships and influencer relationships, said Brent Ridge, founder of skincare brand Beekman 1802. 'It just depends on how visible you have been in the past, and how invisible you are now,' he said. 'It's more about the contrast between the two.' The brand's Pride collection includes soap and moisturiser with rainbow packaging designed by residents of the Ali Forney Center. A portion of the profits goes to the LGBTQ+ youth shelter. Beauty brands sticking with Pride campaigns include decades-long supporters like Kiehl's and MAC and younger brands like Glow Recipe. Beekman 1802's Pride collection for 2025. (Beekman 1802) 'Some companies give too much credence or weight to what they think is going to happen,' said Ridge. In a politically fraught time, collections heavy on neutral and black can be seen as a way of laying low, even for brands that continue to support LGBTQ+ organisations and Pride parades. 'A lot of companies … now seem to have the attitude, 'We've been doing it for this long, and it would be a big deal if we didn't do it, so here's just something that is non-offensive and quiet,'' Clary said. Blending In Pride collections typically include their share of basic T-shirts and tanks alongside edgier items. The scarcity of more provocative looks could be viewed as either a tasteful or fearful turn — or possibly both. Some mainstream brands' collections evoke pop stars more than politics this year. Brands used to 'approach Pride with a sense of humour,' said Clary, who noted that Target's cringiest catchphrase merch has disappeared since 2023, when an uproar about trans-friendly swimsuits resulted in violent threats to employees and the retailer pulled items from stores. There are still some whimsical touches at Target, including a rainbow mesh dress and a 'Love is for all' slogan T-shirt. A miniature moving truck featuring bird figurines and the lesbian flag colours has gone viral. In a statement, Target said it 'will continue to mark' Pride month with products, internal programming and event sponsorships. Clary has called out five brands so far for putting out Pride-labeled items that could pass for everyday clothing, including plain denim items, a green oxford shirt and shorts set and a Britney Spears tank top from Abercrombie & Fitch; an earlier year saw the brand's collection draw on American artist and activist Keith Haring. In the UK, Adidas labels a Jeremy Scott collaboration as a 'Pride' collection, but doesn't connect it to the celebration on its US site. There, the Pride landing page displays sneakers available year-round, along with a mention of its partnership with the LGBTQ+ nonprofit Athlete Ally. An Adidas representative said the Jeremy Scott collaboration 'is available in the US as part of the Pride collection,' pointing out a banner saying 'love lifts us up' on a separate landing page minus the term 'Pride.' The titles of the Jeremy Scott Adidas collaboration page on the brand's UK site (top) and US site (bottom). (Screenshots) Standing Up Not all labels are shying away from rainbows or provocation this year, as shown by a bright watch capsule by Guess and a lascivious Diesel collection and campaign cast from the social networking app Grindr. Whether bland or bold, most brands' Pride items are combined with donations to LGBTQ+ causes. Pride is a crucial fundraising month for advocacy, but takes on more urgency this year amid what a Trevor Project representative called 'uniquely challenging political environment' in the US. Abercrombie & Fitch, Lululemon, Sephora, MAC Cosmetics and Rare Beauty are among The Trevor Project's continued supporters. Levi's 2025 collection doesn't have anything as bold as the purple gender-neutral dress by a non-binary textile artist it offered for Pride in 2023. But it was designed in collaboration with the GLBT Historical Society, and the company is one of a small number of large brands to publicly stand by its DEI efforts. The denim brand also tags several pride products with the triangle symbol used by queer activists starting in the 1970s, 'proving that you can go beyond rainbows and remind people that the personal is political,' said Michael Wilke, the founder and executive director of LGBTQ-focused marketing consultancy AdRespect. Beauty labels that have stood by the LGBTQ+ community for decades are also staying active. Kiehl's, a Pride supporter since the 1980s, has an in-store campaign and is donating $150,000 to the Ali Forney Center, while MAC Cosmetics' 30-year-old Viva Glam initiative will donate $1 million and 100 percent of proceeds of a special-edition Kim Petras lip gloss to charities. Sephora teamed up with Haus Labs and Lady Gaga's Born This Way Foundation for a Pride campaign donating $1 from every purchase. Aesop is sponsoring its fifth annual Queer Library in select stores, giving away free copies of books by queer authors in partnership with Penguin Random House and the ACLU. Kim Petras poses with MAC Cosmetics' special-edition lip gloss for Pride 2025. (MAC Cosmetics) Pairing Pride marketing and merchandise with donations helps brands counter accusations of rainbow-washing. Experts also highlight the importance of continuing to elevate the work of smaller artists in the community, especially in the face of right-wing backlash. Not all brands have given in to their own customers' blowback. Nascar has eschewed critics of its kitschy rainbow Pride shirts with phrases like 'Slaytona.' One with 'Yaaascar' in rainbow letters was among the only Pride items that Clary has accepted as a PR gift. 'The move is to crop it and then wear it,' said Clary.
