google chrome

Malicious Chrome extensions can now emulate legitimate ones, like password managers, to steal sensitive user data. By exploiting Chrome's ‘chrome.management' API or injecting scripts, these extensions can identify installed extensions and disguise themselves. They trick users into entering credentials via fake prompts. SquareX Labs has illustrated this threat, urging Chrome to take preventative measures, as current protections are inadequate.

https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/

Chrome 133 released for Windows, Mac, Linux on Feb 4, 2025. Includes fixes, security updates (12 vulnerabilities resolved). Rewards offered for bug reports. Details and updates to follow.

https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html

Chrome Desktop Update: Version 132.0.6834.110/111 released for Windows, Mac, and Linux with 3 security fixes, including high severity issues in V8. Update rolls out over days/weeks; details on fixes available. Internal security improvements noted.

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html