Gumblar Malware Exploit Circulating

Monday, May 18th, 2009

US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur ...

Google Chrome update patches XSS vulnerability

Friday, April 24th, 2009

Mark Larson, the Google Chrome Project Manager, has posted an advisory on the Google Chrome Releases blog advising of a high risk vulnerability in the Chrome web browser. The cross-site scripting (XSS) vulnerability is caused by an error in handling URLs in the ChromeHTML URI handler, allowing an attacker to ...

Browser plugin blocks ad-tracking cookies

Tuesday, March 17th, 2009

A researcher has developed a browser extension that stops advertising networks from tracking a person's surfing habits, such as search queries and content they view on the web. The extension, called Targeted Advertising Cookie Opt-Out (TACO), enables its users to opt out of 27 advertising networks that are employing behavioural advertising ...

GMail Service CSRF Vulnerability

Tuesday, March 3rd, 2009

Gmail is Google's "free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you're looking for, and make sense of it ...

Google closes critical hole in Chrome

Tuesday, February 10th, 2009

Google has discovered a vulnerability in its Chrome web browser that can allow an attacker to execute his own commands on a vulnerable Windows system. The vulnerability requires that the victim has previously installed Chrome, but is visiting a rigged web page using another browser, such as Internet Explorer. According to ...