Latest news with #Chrome
Forbes
2 hours ago
- Forbes
Are These Dangerous Apps Already Hacking Your Smartphone?
Are these apps already attacking your phone? getty There's a dangerous game of hide and seek taking place on your phone. The tradecraft behind the malicious app industry is fast becoming as much about hiding as attacking. If you can't be seen, then you can't be deleted. And more damage will be done. That's the crux of the new warning from Zimperium, whose zLabs team followed up on Human's report into Konfety evil twin attacks that I covered a year ago. 'At its peak,' Human said, 'Konfety-related programmatic bids reached 10 billion requests per day.' Forbes Microsoft Confirms New Upgrade Deadlines—'Move To Windows 11' By Zak Doffman 'Bids per day' because this is an adware (advertising fraud) attack. The ruse is simple. The bad actors create two versions of an app with the same name. One is benign and is uploaded to Google's Play Store, with some basic, barely useful features. The second 'evil twin' version of the app is dangerous, and is distributed via other channels. The evil twin overloads its host phone with unwanted ads, often taking up the entire screen, making it difficult to actually operate the phone. This generates revenue for the bad actors, tricking legitimate advertisers into paying for fraudulently delivered ads. Now, 'as part of our ongoing mission to identify emerging threats to mobile security,' Zimperium says it has been 'actively tracking a new, sophisticated variant' of the threat. The zLabs team says the threat actors behind Konfety 'consistently alter their targeted ad networks and update their methods to evade detection.' In the latest variants of the malware, this includes 'specifically tampering with the APK's ZIP structure… to bypass security checks and significantly complicate reverse engineering efforts, making detection and analysis more challenging for security professionals.' The scale of this adware industry is out of control. Not all attacks operate in this scale way, but they are mostly (but not always) driven by apps sideloaded from outside the official app stores. That's the easiest way to stay safe — stop sideloading. Forbes Google Warns All Chrome Users—Update Now As Attacks Underway By Zak Doffman That's why Google's new Advanced Protection Mode that comes with Android 16 restricts sideloading with no option to disable or workaround that protection. Apps installed in this way carry significantly more risks to users, phones and data. 'Konfety's operations depict the latest in a series of adaptations from ad fraudsters to cloak their activities using novel tactics that enable them to evade detection,' Human said last year. The new report from Zimperium shows nothing at all has changed.
Tom's Guide
4 hours ago
- Tom's Guide
Google is rolling out Gemini to more Wear OS smartwatches — here's what it brings and whether your device is eligible
Google is making sure its Gemini AI is slowly but surely embedded across its entire software suite. That means that along with seeing it appear in Chrome browsers, Android Auto infotainment systems and Nest home devices, it's also coming to your wrist with Wear OS. Samsung's brand new Galaxy Watch 8, unveiled last week at Samsung Unpacked, is one of the first to wearables to debut with Gemini built-in. But Google followed the announcement up with confirmation Gemini would be rolling out to other Wear OS devices in the "coming weeks". It didn't take long as we now have confirmation (via 9to5Google) that devices from the likes of OnePlus, Mobvoi and OPPO are starting to see Gemini become available. The only stipulation is a smartwatch needs to be running at least Wear OS 4 to upgrade to Gemini. So, if you're rocking a OnePlus Watch 2 or a Samsung Galaxy Watch 7 for example, you should be good to go. Eligible Wear OS watch owners can find Gemini by navigating to the Play Store on your watch, scroll down to Manage apps and find the update labeled "Google Gemini on Wear OS". The Samsung Galaxy Watch 8 may have just arrived, but that doesn't make the still-capable Galaxy Watch 7 any less enticing at nearly 34% off. Moreover, in 40mm, this is a great easy-wearing smartwatch for Android users in 2025 and will get a real boost from Gemini's AI smarts. Gemini effectively replaces the Google Assistant (R.I.P) and lets you execute a ton of functionality from your wrist without having to use your hands. Which is super helpful if your hands are full because you're cycling, cooking or carrying something. To enable Gemini, use the "Hey Google" wake command or — on some devices — you can press and hold the side button to fire it up. Because it's baked into the OS, it will interact with certain apps. So, for example, you can ask it to give you a heads-up on what the weather is doing that day or if you have any appointments in your calendar coming up. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. However, what really sets it apart is the ability to work across your apps simultaneously and avoid multiple steps. For example, if you're on a bike ride, you can ask Gemini to send a message to a contact, dictate the message and have it sent without needing to exit away from or interrupt your workout. Here's a couple of other use cases and some prompts to try for Gemini on Wear OS: Of course, Gemini has much more functionality in other areas and if you're a Google power user then you'll want to familiarize yourself with what it can do. Check out 5 smart ways to use Gemini Live with your phone right now and how to use Google Gemini to summarize a YouTube video. And if you want to write smarter prompts in Gemini, here's 5 tips to get better results. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Business Insider
5 hours ago
- Business
- Business Insider
Why Sam Altman and OpenAI are making a web browser
OpenAI kicked off the AI boom with ChatGPT in 2022. It plans to make some kind of mystery gadget with famed Apple designer Jony Ive. It is also working on … a web browser? Yes: Sam Altman and company are working on a web browser — something most of you don't spend much time thinking about, even though you use it all the time. Like when you're reading this article. OpenAI's interest in a browser is something of an open secret in tech. Earlier this month, Reuters reported that the company plans to release its browser "in the coming weeks." But why would OpenAI spend time on tech that seemed very important in the 1990s — when the internet was brand-new — but doesn't seem top of mind right now? OpenAI won't tell me. A rep there declined to comment on the existence of the company's browser project, or anything else. But people who spend their time working on browsers think OpenAI's plan is straightforward: Like other AI companies, OpenAI says it will make virtual assistants that can learn about you, figure out what you need, and provide it whenever you need — that's the " agentic" future AI people keep talking about. And in order to do that, it will need to peer into your life, and it will need to access all sorts of data and sites. An app can't do that. But a browser, in theory, can —especially for people who spend a lot of time using their computers for work, shopping, and other high-value tasks. If you're on a browser right now, think of how many other tabs you have open, and how much data each one of them contains about you — not just the sites you visit, but the spreadsheets and docs you're working on, and/or how you manage your finances and everything else. "If you believe that AI agents are going to be the future of our industry, those agents will need two things," says Josh Miller, CEO of The Browser Company. "They will need access to the tools you use every day, and they need to be with you as you're doing your work, so they have context." And for those same reasons, some tech folks argue, OpenAI owning a browser isn't just nice to have — it's a crucial part of the company's plans. It's also a way to protect itself if competitors like Apple or Google — who have their own AI agendas — limit OpenAI's access to their platforms. But announcing you have a browser is different from getting people to switch browsers, which isn't something most people do willingly or often. If you're a normal person, you likely haven't thought about which browser you use in some time — you probably use Chrome, Google's browser, or Safari, the Apple browser that comes as the default option on iPhones and MacBooks. Before that, you may have used Netscape Navigator — the first browser many people used to get on the web — or Internet Explorer — Microsoft's answer to Netscape, which it promoted aggressively (and, the US government argued in court, illegally). But periodically, people keep trying to introduce new browsers. Brave, for instance, launched in 2016 by promoting itself as an ad-blocker, but has since emphasized connections to crypto. The Browser Company launched its Arc Browser widely in 2023, pitching it as a browser for people who were frustrated with Chrome. "Browser markets are immortal," says Brave CEO Brendan Eich, arguing that opportunities for new entrants pop up every few years. Brave says they now have more than 90 million active users — not huge, but enough to crack some lists of browsers ranked by market share. Meanwhile, The Browser Company has announced that it is moving on from Arc to focus on Dia, a new, AI-first browser. Miller says Arc topped out at a "few million." He says the company immediately found a group of fans willing to spend time learning how to use its complicated set of features, and loved it — but that it struggled to find more users after that. Neither Eich nor Miller has a silver bullet for getting new browsers into people's hands, other than getting the software into the hands of enthusiastic users who tell other people to use it, too. Are there other options? Microsoft famously bundled Internet Explorer with its Windows software, to brute force itself into market share — which, again, triggered a bruising antitrust suit. But even if OpenAI has 800 million users worldwide — per a recent Sam Altman kinda-suggestion — it would make no sense for the company to require those users to download its browser. "If you try to force a browser down people's throats, they rebel," Eich says. Which means that Altman has to convince users that OpenAI's browser isn't just better than the alternatives, but offers new tools and new ways to use them. Sam Altman is very good at selling. But is he that good?
Daily Mirror
6 hours ago
- Daily Mirror
Everyone using Chrome placed on red alert and told to clear browsing data immediately
Anyone who uses Chrome to surf the web must be on high alert and check they haven't downloaded and rogue browser extensions. There's a worrying alert for those using Google's popular Chrome web browser, and it's not something anyone should ignore. It appears that a number of extensions have been released that come laced with malware, and it could give hackers the ability to spy on daily browsing sessions. That means online crooks might be able to see exactly what Chrome users are looking at online, along with stealing highly personal data. The rogue extensions were first spotted by the team at Koi Security, and they use a clever tactic to avoid detection. When first released and downloaded, they appear completely clean of any viruses. However, once users have installed the extensions, hackers then add the data-stealing spyware at a later date. It's a concerning issue, especially as it's thought that over 2 million people are thought to be affected. A total of 18 Chrome extensions have been found to have the malware, with many getting top reviews and even appearing on Google's own Chrome store. They include emoji keyboards, weather services, YouTube extras and more. Here's the full list of affected extensions, with some also targeting the Chrome-powered Edge browser. • Emoji keyboard online (Chrome) • Free Weather Forecast (Chrome) • Unlock Discord (Chrome) • Dark Theme (Chrome) • Volume Max (Chrome) • Unblock TikTok (Chrome) • Unlock YouTube VPN (Chrome) • Geco colorpick (Chrome) • Weather (Chrome) • Unlock TikTok (Edge) • Volume Booster (Edge) • Web Sound Equalizer (Edge) • Header Value (Edge) • Flash Player (Edge) • Youtube Unblocked (Edge) • SearchGPT (Edge) • Unlock Discord (Edge) If you think you may have installed any of the extensions above, then you need to act now. In fact, the security team at Malwarebytes is urging those affected to clear their browsing data without delay. "Clear all browsing data (history, cookies, cached files, site data) to remove any tracking identifiers or session tokens that may have been stolen or set by the malicious extension," Malwarebytes explained. Chrome users are also being advised to check for any suspicious activity on accounts and make sure they enable two-factor authentication. Another top tip is to reset the browser. "Reset your browser settings to default," Malwarebytes explained. "This can help undo any changes the extension may have made to your search engine, homepage, or other settings. Note: this will also undo any changes you have made manually. Alternatively, look for signs like unexpected redirects, changed search engines, or new toolbars."
Forbes
9 hours ago
- Forbes
Google Confirms Chrome Attacks—You Must Restart Your Browser
Chrome is under attack—again. Here we go again. Google has just confirmed that Chrome is under attack from another zero-day vulnerability that affects Windows PCs. Again, this has been discovered by Google's own Threat Analysis Group, triggering an emergency update. Google warns it is 'aware that an exploit for CVE-2025-6558 exists in the wild.' This specific vulnerability exploits the browser's graphics rendering engine, which is likely being exploited by sophisticated threat actors given the nature of the discovery. Google says the stable channel 'has been updated to 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux. This, it says, 'will roll out over the coming days/weeks.' But that's boilerplate. In reality, you can expect this over the next small number of days, and you should restart your browser as soon as it downloads. Such is the shortness of gap between this zero-day and the last, that the U.S. government's cyber defence agency's update mandate is still ongoing. CISA has warned federal employees to update or stop using Chrome by July 23. You can now expect another CISA mandate to be issued in the next few days. As ever, Google says 'access to bug details and links may be kept restricted until a majority of users are updated with a fix.' The latest Chrome update addresses other vulnerabilities as well as the zero-day, including two externally reported high-severity bugs. All told, this is definitely an update you should apply as soon as you can. Chrome remains the de facto default browser on Windows, and so is one of the most prized attack surfaces available. Google takes credit for its quickness in developing and rolling out updates as new flaws are discovered. But attackers will know the clock is now ticking, making this the time of utmost risk for users. Remember, when you restart Chrome your private (Incognito) windows will not reopen. So, make sure you save anything you need before applying the update.
