Latest news with #ChromeUpdate
Yahoo
28-07-2025
- Business
- Yahoo
Google Chrome adds AI-powered store summaries to help US shoppers
Google on Monday announced an update to its Chrome web browser that will introduce AI-generated store reviews to U.S. shoppers with the aim of helping to determine the best places to make a purchase. The feature, which will be available by clicking an icon just to the left of the web address in the browser, will display a pop-up that informs consumers about the store's reputation for things like product quality, shopping, pricing, customer service, and returns. The feature, which is currently available only in English, will generate the summaries based on reviews from partners, including Bazaarvoice, Bizrate Insights, Reseller Ratings, ScamAdviser, Trustpilot, TurnTo, Yotpo, Verified Reviews, and others. The feature will initially be available to Chrome on the desktop. When reached for comment, Google could not confirm if or when AI summaries would come to mobile devices. Google says the goal with the summaries is to provide a safer and more efficient shopping experience. However, the feature also helps Google better compete with other AI features rolled out by retail giant Amazon, which has been using the new technology to summarize product ratings and reviews, help customers find clothes that fit, get product recommendations and comparisons, and more. The changes arrive as Google, for the first time in many years, is facing a potential competitive threat to Chrome's dominance in the global browser market. New AI-powered browsers like Perplexity's Comet, The Browser Company's Dia, Opera Neon, and perhaps a challenger from OpenAI have the search giant thinking about how to infuse AI more directly into its own web browser. For example, Google is developing an AI agent that would be able to take control of Chrome for you to take actions on your behalf. Plus, the company recently added support for its Gemini AI assistant in Chrome for Gemini subscribers. The move is also part of a broader initiative underway at Google to make it more of a modern-day shopping platform for consumers. Already, the company has tapped AI to help customers locate the products they're interested in, get personalized product recommendations, and virtually try on clothes, and it has been developing tools for better price tracking, shopping in Google's AI Mode, and AI-powered agentic checkout. (The latter two were announced at this year's Google I/O developer conference. Google recently announced that getting outfit and room inspiration in AI Mode would roll out this fall.)
Forbes
01-07-2025
- Forbes
Google Confirms Emergency Update For All Chrome Users—Attacks Underway
Update now warning for billions of Chrome users. Google has issued an emergency update for Chrome users, after its own Threat Analysis Group discovered and reported an actively exploited vulnerability last week. When a single security fix is rolled out this quickly, it's critical to update immediately. Google warns it is 'aware that an exploit for CVE-2025-6554 exists in the wild,' and that 'access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' The high-severity vulnerability is a 'Type Confusion in V8,' Google's Javascript engine, which could allow hackers to remotely execute code on devices. This issue was mitigated 'by a configuration change pushed out to Stable channel across all platforms.' That config change took place a week ago and has been followed by this urgent software update. As usual, it will download to your device. You then need to restart your browser to ensure it installs. All your regular browsing tabs should be restored, but your Incognito private browsing tabs will not, so save any work before you exit Chrome. Attacks exploiting CVE-2025-6554 will come by way of specially crafted HTML pages, and as usual while the assumption is this is very specifically targeted for now, once a vulnerability is in the public domain that can change quickly. Chrome is essentially the default browser on Windows, despite Microsoft's efforts to push Edge more widely. As such, this is primarily a Windows threat. That said, whatever device you're using to run Chrome should be updated today. We saw something similar last month — with another emergency update — which should frame the urgency. The latest update for Windows/ Mac is 138.0.7204.96/.97. We can expect this to prompt a U.S. government update mandate and deadline.
Forbes
19-06-2025
- Forbes
Google Chrome Warning — Windows, Android, Mac And Linux Users Act Now
Update Chrome now. Google users are accustomed to being urged to update now, which is hardly surprising, as its products and services are a magnet for cybercriminals due to the extensive user footprint they enjoy. Google has advised users to replace all Gmail passwords and update to a passkey instead, following numerous account takeover attacks, Google Messages is getting a critical security update, and then there's Chrome, of course. Hot on the heels of a June 10 urgent Google Chrome browser security update, just a week later, the technology behemoth has confirmed yet another security scare that requires users of the world's most popular web browser across all platforms with the exception of iOS to update now. Google has now confirmed two new security vulnerabilities that impact users of Chrome across the Android, Linux, Mac and Windows platforms. The vulnerabilities, both given a high-severity rating and earning four-figure bounty rewards for the researchers who discovered and disclosed them, could enable a successful attacker to execute arbitrary code on your device with all the consequences that can bring. It is for this reason that it's vital you don't wait for the update to reach your browser in the 'coming days and weeks,' as Google noted in its June 17 confirmation, but rather kickstart that process now and ensure the security patches have been activated and are protecting your system. The two vulnerabilities are: CVE-2025-6191: An integer overflow security vulnerability in Chrome's V8. JavaScript rendering engine. CVE-2025-6192: A use-after-free security vulnerability in Chrome's Profiler function. The Google Chrome update process actually happens automatically, but, as Google has noted, it can take some days to reach your browser. When it does, you will see a notification when the update to version 137.0.7151.119/.120. This alone does not mean that you are protected; you need to activate the update in order for it to do that. Err on the side of caution and kickstart the updating process so you can be sure your browser and the data it can access are appropriately protected immediately. Kickstart your Google Chrome update now. Head for the Help menu and select About Google Chrome. This will check for and download the update, and then all you have to do is activate it for instant security from these vulnerabilities. Don't worry, your tabs will reopen as well, so you won't lose them. So, what are you waiting for? Android users simply need to update the Chrome app. Relaunch Google Chrome to activate security updates.
Forbes
18-06-2025
- Forbes
Google Chrome Warning—Do Not Ignore 7 Day Update Deadline
New Chrome warning for 2 billion users. New warnings have been issued for Chrome's 3 billion users, emphasizing the need to keep browsers updated at all times. Google has just issued a new update, which fixes two high-severity vulnerabilities and should be installed right away. More critically, an ongoing update mandate deadline in now just 7 days away. America's cyber defense agency warns Chrome 'contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.' CISA says update before June 26 or stop using Chrome. The formal mandate applies just to federal employees, but CISA operates 'for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.' That means all organizations should take note of this deadline and adhere if possible. That should be evident anyway, but a new warning has just detailed exploitation of a Google Chrome zero-day disclosed earlier this year. Kaspersky discovered 'a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web browser.' Now, Positive Technologies says its Threat Intelligence Department 'analyzed an attack that exploited [this] zero-day vulnerability (sandbox escape)' dating back to 2024. As I warned when CVE-2025-2783 was first disclosed, Google quickly released an emergency update and then CISA issued a 21-day update mandate. The current CISA update mandate is for CVE-2025-5419, which is also an 'out-of-bounds read and write in V8,' a similar memory issue to the integer overflow and use after free vulnerabilities patched this week, albeit those do not have known exploits as yet. We're two weeks into CISA's mandate, and so this is the period of maximum risk. Ensure your browsers are updated — which means restarting when it downloads. While home users should adhere to CISA warnings, it's more critical for enterprises likely to come under attack from sophisticated phishing campaigns exploiting these vulnerabilities. Remember, once the flaw is made public, it's a race against time for attackers to use it or lose it when browsers are patched. Do that right away.
Forbes
06-06-2025
- Forbes
New Chrome, Edge Deadline—Update And Restart All Browsers Now
Don't leave it too late. Google made headlines this week, releasing an emergency Chrome update and confirming it had quietly stopped attacks by pushing out changes to all browsers. This is not just a Chrome issue. Microsoft has also updated Edge to mitigate the same threat. With Chrome so dominant on Windows desktops, it's easy to overlook that Edge runs on the same Chromium platform and is often vulnerable to the same vulnerabilities. That's certainly the case here, and it means all users need to take note. CISA has now mandated federal staff update os stop using all Chromium browsers by June 26. 'This vulnerability could affect multiple web browsers that utilize Chromium,' it says, 'including, but not limited to, Chrome, Microsoft Edge, and Opera.' This is only mandatory for federal staff, but all users should do the same. Microsoft warns Edge users that its latest update 'contains a fix for CVE-2025-5419 which has been reported by the Chromium team as having an exploit in the wild.' This echoes Google's initial warning from June 2, which with its own emergency update. For its part, America's cyber defense agency warns this is a 'Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page." While browser vulnerabilities affect mobile platforms and Macs, the primary risk is with Windows PCs. Chrome dominates with a 65% market to Edge's 14%, albeit that is slowly growing. Other browsers remain also-rans outside Apple's ecosystem and Safari. Given Google's and CISA's warnings, updating immediately is critical. As Qualys points out, 'currently, no publicly available information exists regarding exploiting this Google Chrome vulnerability by any specific threat actors. The absence of reports does not necessarily mean the vulnerability is not being exploited.' As ever with such threats, the maximum risk is the period between public disclosure and the majority of users applying updates. Attackers know they're on the clock. That's why Google and others do not issue any further detail at this early stage.
