Latest news with #ChromeUpdate
Forbes
2 days ago
- Business
- Forbes
Google Issues Emergency Update For All 3 Billion Chrome Users
Update all browsers now. Google has suddenly released an emergency Chrome update, warning that a vulnerability discovered by its Threat Analysis Group has been used in attacks. Such is the severity of the risk, that Google also confirmed that ahead of this update, The issue 'was mitigated on 2025-05-28 by a configuration change' pushed out to all platforms. Google says it 'is aware that an exploit for CVE-2025-5419 exists in the wild,' and that full access to details on the vulnerability will 'be be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' CVE-2025-5419 is an out of bounds read and write in V8, the type of dangerous memory flaw typically found and fixed on the world's most popular browser. While it's only marked as high-severity, the fact attacks are underway means apply the fix is critical. There is already a U.S. government mandate for federal staff to update Chrome by Thursday or stop using the browser, after a separate attack warning. And there has been another high-severity fix since then, with two separate fixes. It is inevitable that this latest warning and update will also prompt CISA to issue a 21-day update mandate. There is a second fix included in this emergency update — CVE-2025-5068 is another memory issue, a 'use after free in Blink,' that was disclosed by an external researcher. NIST warns that CVE-2025-5419 'allows a remote attacker to potentially exploit heap corruption via a crafted HTML page,' and that it applies across Chromium, suggesting other browsers will also issue emergency patches. As usual, you should a flag on your browser that see the update has downloaded. You need to restart Chrome to ensure it takes full effect. All your normal tabs will then reopen — unless you elect not to do that. But your Incognito tabs will not reopen, so make sure you save any work or copy down any URLs you want to revisit.
Forbes
7 days ago
- General
- Forbes
Android Users Need To Update Chrome Now — 8 Security Reasons Why
Update Chrome for Android now. LightRocket via Getty Images Smartphone users have had a rough old time of it lately as far as security issues are concerned. What with everything from specific PIN codes being flagged as insecure, an FBI warning of a new and highly dangerous attack threat, and Google advising about mobile threats targeting Android users. Of course, it's not all been bad news. I've reported how a secret code can stop Android smartphone attacks, and Google's recent Android updates have added smartphone security features anew. Now there's another Android update that Google has just dropped, and this one needs to be implemented as soon as possible. Don't wait, act today. Here are the eight security reasons why. Hardly a week goes by without a Chrome security update being released by Google, and that's a very good thing indeed, as it means your security is being protected. By discovering such vulnerabilities and releasing patches to fix them, Google enables you to shore up your smartphone before attackers can exploit them. Assuming, that is, you apply those updates as soon as they are released. And there, dear reader, lies the rub: many users wait until an automatic update arrives, even though, as Google readily admits, this can take days or weeks. Days or weeks that leave an opportunity for hackers to attack. That's why it's imperative to kickstart any update as soon as it has been confirmed, using the usual methods for the desktop, or by downloading the latest app for Android. And it is the latter that needs your attention now, today. Google has confirmed in a May 28 posting that Chrome for Android 37.0.7151.61 will become available on Google Play in the coming days. Go and check now, and update if it's there. This release includes fixes for eight listed Common Vulnerabilities and Exposures, that's eight security issues that could impact your safety if not addressed. The CVEs are as follows: High Medium Low So, you know what to do: check that your Chrome for Android app is up to date and check it now.
Forbes
28-05-2025
- Business
- Forbes
Google's New Chrome Update—Do Not Ignore June 5 Deadline
Why you need to update Chrome now NurPhoto via Getty Images Google has just updated Chrome again, warning that two high-severity vulnerabilities put PCs at risk. The 'use after free' and 'out of bounds' memory issues are typical for the browser, and while there are no attack warnings this time, these are the types of flaws often chained to other exploits to enable attacks. Details are scarce, as Google says 'access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' There are 11 fixes in total with the release of version 137.0.7151.55/56. The new high- and medium-severity fixes are as follows: Earlier this month, Google warned that Chrome had been actively exploited and issued an urgent fix for CVE-2025-4664. The company's confirmation 'that an exploit exists in the wild' followed a public disclosure on X from @slonser_ that a query parameter takeover could exploit sensitive data in a string which 'might lead to an Account Takeover' if the query parameter is stolen. Given attacks in the wild, America's cyber defense agency issued a mandatory warning for federal staff to update or stop using browsers by June 5. While that update instruction isn't mandatory for other users, you should follow suit and update by June 5. This vulnerability was openly disclosed from the get-go and is now in the public domain. That leaves browsers at risk until updates are applied. CISA's remit is 'to help [all organizations] As Cybersecurity News warns 'the vulnerability poses significant risks, including unauthorized data leakage across web origins… Given its classification as a zero-day flaw, it was exploited before Google released the patch, heightening the urgency for mitigation.' Remember, you need to restart your browser once the update has downloaded. As long as you have the current version, all past fixes will be applied and you will be protected.
The Sun
18-05-2025
- The Sun
Alert for ALL Google Chrome users to ‘relaunch' browsers now – or device could be hijacked by worrying ‘zero-day' flaw
GOOGLE Chrome users have been warned to urgently update their browsers to avoid a potential cyber attack. The tech giant has issued an alert to anyone who uses the browser on their PC. 1 A concerning bug has been found on the popular app which could lead to hijacking of your device. The bug has been given a "zero-day" mark which indicates that the vulnerability is being actively used by hackers in the wild. Google has acted so swiftly to address the issue and has now patched the browser to prevent it from any further attacks. Google said: "Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild. "The Stable channel has been updated to 136.0.7103.113/.114 for Windows, Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks." However, the fix will only work after it has been downloaded and installed on your browser. Vsevolod Kokorin, a security researcher at Solidlab, was the first to discover this most recent Chrome issue and confirmed that it may result in an account takeover by cybercriminals. It is now crucial to make sure you are using the most recent version of Chrome if you use it as your primary web browser. To accomplish this, just select "About Chrome" after clicking on the Chrome in the toolbar. Make sure you have rebooted your browser to the latest version as soon as possible. Mobile phone users never have to make calls AGAIN as Google launches bizarre new tool for appointments and more It comes just hours after Google users have been alerted to check their accounts or risk losing their data forever. And it's especially worthwhile if you've ever used Google Maps and want to remember key places visited in the past. Google has been warning users for sometime that changes are coming soon. Google Maps has a Timeline feature - previously known as Location History - which keeps a record of any you've been to via the app. The tool is especially handy for remembering special spots, such as where you met a partner or a fancy restaurant you once visited. The tech giant is moving things around so data is kept on-device instead of in the cloud. Failure to act will result in users losing this past data. That deadline is now here, set for today.
Chicago Tribune
03-03-2025
- Entertainment
- Chicago Tribune
Topps' debut patch cards have become a sought-after collectible for some young major leaguers
GLENDALE, Ariz. — Cam Booser's bumpy road to the major leagues included arm and back injuries, along with a stint as a carpenter in his native Seattle. Such an unlikely big league debut was worth commemorating, and he was determined to track down a specific memento — a one-of-a-kind baseball card that included a jersey patch from his uniform for his first game. So was his older sister, Kelsey. After scheming with the Neighborhood Card Shop in California for about a month, Kelsey surprised her younger brother with the prized card for one memorable Christmas present. 'That was one of the cooler moments I've ever had,' said Cam Booser, a reliever who was traded from the Red Sox to the White Sox in December. Topps' debut patch cards, which are autographed and contain a patch from the jersey from the player's first MLB game, have captured the attention of some young major leaguers — even the ones with little previous interest in baseball cards — and longtime collectors. The patches are even part of this year's MLB The Show video game. The hype was ramped up by the pursuit of Paul Skenes' card after it was released in November. Dominic Canzone's mother managed to get her son's card for him, and Chandler Seagle's father presented his son's card to him. Joey Loperfido, an outfielder who made his major league debut last year, wrote 'DM me' on the back of his card and offered an invitation to Thanksgiving in exchange for the memento — and got it back. 'I think it is a resemblance of a lifetime of work right in front of your eyes,' Booser said. The debut patch cards are featured in Topps Chrome Update. Fanatics, which owns Topps, released a Major League Soccer version in December, and it plans to try the card in other properties as well. Some of the patch cards are inserted into Chrome Update, but many are distributed via redemption codes — where Topps ships out the one-of-one card in a protective case after it is claimed in an effort to protect its condition. There were 91 debut patch cards in the first year in 2023 and 251 last year. Jackson Merrill and Yoshinobu Yamamoto are among the sought after cards that haven't been publicly uncovered just yet. 'So this was a completely different take on the traditional, let's call it, relic card,' said Clay Luraschi, the head of product development for Topps. 'You know, how can we work with Major League Baseball to create something that's exclusive for our trading cards versus receiving a jersey, cutting it up and making a card out of something that was used prior.' The patches are sent to major league equipment managers before the season starts. When a player makes his debut, the patch is added to a sleeve on his jersey. It is removed after the game and authenticated before it is shipped back to Topps. 'I'm not a collector. I've never been a collector,' Skenes said. 'I can imagine that it's cool for these kids to sort of feel that connection. I think the one thing that I would say you know potentially that hopefully it's giving them some hope and some relationship to the majors. Because we were all that kid at one point.' The debut patch cards for Skenes — a hard-throwing right-hander who won the NL Rookie of the Year award with the Pittsburgh Pirates — and Jackson Holliday are part of a Fanatics Collect auction this month. Junior Caminero's card was sold for $66,000 in a Fanatics auction in December. Skenes' card was hotly pursued before an 11-year-old boy in Southern California opened the redemption on Christmas morning. The Pirates offered a package for the card in November that included two season tickets for 30 years, but the boy's family opted for the auction. The card was redeemed on Jan. 3, and Topps announced on Jan. 21 that it had been found. Topps posted on X on Jan. 4 that the Skenes card had yet to surface publicly, and published a video of Skenes talking about the card on Instagram on Jan. 8, along with the caption 'Are you accepting the Pirates offer if you pull this card??' The 18 days between when the card was redeemed and Topps' public announcement led to some criticism from collectors who suspected it was a purposeful delay to help increase sales. A Fanatics Collectibles spokesman cited a variety of factors for the timing, including the holidays, protecting the anonymity of the family and the LA wildfires. The social media posts were attributed to the time it took for word of the card's discovery to filter through the large company. A Massachusetts man found a redemption for Loperfido's card and got in touch with the outfielder through social media. He drove the card to Loperfido's New Jersey home. Loperfido, who was traded from Houston to Toronto in July, gave the man money to cover his travel expenses, along with a bat, jersey and tickets and VIP passes for a Blue Jays game at Boston. Since the card hadn't been pulled yet, there was no Thanksgiving appearance. The 25-year-old Loperfido plans to raffle the card off to raise money for a non-profit organization that he volunteered with in college. 'It captures an exciting and once-in-a-lifetime moment for guys in their career; their first game played in the big leagues,' Loperfido said. 'I think it's special. … People are looking for them. The guys coming up in the league, great players like Paul Skenes, these cards are really going to be worth something one day.' Originally Published:
