google

Google Chrome 148 Released with Fix for 127 Security Vulnerabilities – Update Now!

Google has released Chrome 148, a major update addressing 127 security vulnerabilities, including three critical flaws such as an integer overflow in the Blink engine and use-after-free bugs in Mobile and Chromoting components. Users across Windows, Mac, and Linux are urged to update immediately to protect against potential exploits, with significant bug bounties awarded to researchers who reported these issues.

https://cybersecuritynews.com/chrome148-vulnerabilities-patched/

Google Chrome Silently Installs a 4 GB AI Model on Your Device Without Consent. At a Billion-Device Scale the Climate Costs Are Insane.

Google Chrome silently installs a 4 GB on-device AI model called Gemini Nano without user consent, writing it to users' devices as part of default AI features, then re-downloads it if deleted. This practice breaches European privacy laws (ePrivacy Directive and GDPR), lacks transparency, and generates significant environmental impact, with potential carbon emissions in the tens of thousands of tonnes when aggregated globally due to bandwidth and energy usage at Chrome's scale.

https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/

One Click on This Fake Google Meet Update Can Give Attackers Control of Your PC

Fake Google Meet update pages can give attackers control of your Windows PC with one click. This phishing attack uses a legitimate Windows feature for device enrollment, allowing control without malware or stolen credentials, bypassing typical security checks. Victims should check their device settings for unauthorized enrollments and disconnect if necessary.

https://www.malwarebytes.com/blog/threat-intel/2026/03/one-click-on-this-fake-google-meet-update-can-give-attackers-control-of-your-pc

New Gmail Account Attack Warning—Hackers Abuse Critical Security Check

Hackers are targeting Gmail users with a malicious fake Google Account Security Checkup tool that grants attackers access to sensitive information, including push notifications, contacts, GPS location, and clipboard contents. This attack uses deception to trick users into following prompts that compromise their account security. To protect themselves, users should only use the official Google Account Security Checkup tool through official channels, such as typing the URL directly into their browser.

https://www.forbes.com/sites/daveywinder/2026/03/01/check-your-gmail-account-security-now-ongoing-attacks-reported/

Cultivating a Robust and Efficient Quantum-safe HTTPS

Google's Chrome team is rolling out a program to implement quantum-safe HTTPS certificates using Merkle Tree Certificates (MTCs), which increase efficiency and transparency without compromising security. MTCs replace traditional certificate chains, reducing bandwidth usage while adopting post-quantum cryptography. The rollout has three phases: testing MTCs with existing certificates, inviting log operators for public MTCs, and establishing a new root store for MTCs. This initiative aims to ensure a robust, efficient, and scalable approach to enhanced web security amid evolving quantum threats.

https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads

1Campaign is a cloaking platform that helps attackers bypass Google Ads screening and evade security researchers. It uses real-time visitor filtering, fraud scoring, and geographic targeting to keep phishing and crypto drainer pages online longer. The platform enables ad fraud at scale by allowing attackers to impersonate legitimate brands in Google Ads campaigns.

https://www.varonis.com/blog/1campaign

I Hacked ChatGPT and Google’s AI – And It Only Took 20 Minutes

User hacked ChatGPT and Google's AI in 20 minutes. Demonstrated that AI tools can easily be manipulated to spread misinformation, even about serious topics. Created a fake ranking of “best tech journalists at eating hot dogs,” and AI accepted it as fact. Experts say AI is now easier to trick, raising concerns about misinformation's impact on public safety. Solutions include enhancing disclaimers and promoting critical thinking when using AI for information.

https://www.bbc.co.uk/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes

Google Blocked Over 1.75 Million Play Store App Submissions in 2025

Google blocked over 1.75 million Play Store app submissions in 2025 due to policy violations, enhancing app security. They implemented 10,000 safety checks, identified malicious patterns using AI, and banned 80,000 bad developer accounts. Additionally, Play Protect scanned over 350 billion apps, identifying millions of risks, while new protections against fraudulent activities were added. Google continues to invest in AI for future app safety.

https://www.bleepingcomputer.com/news/security/google-blocked-over-175-million-play-store-app-submissions-in-2025/

Android Malware Taps Gemini to Navigate Infected Devices

Android malware named PromptSpy employs generative AI (Gemini) for adaptive navigation on infected devices. It mainly functions to deploy remote access via VNC, utilizing natural language prompts to interact with user interfaces, enhancing the malware's versatility across different devices. Developed by Chinese speakers, PromptSpy is still largely theoretical, with no live telemetry reports from ESET, but suspected distribution domains hint at potential real-world application. The malware can intercept security codes, record screens, and prevent uninstallation, indicating a disturbing evolution in Android threats.

https://www.theregister.com/2026/02/19/genai_malware_android/

Are Hackers Trying to Utilize Gemini AI’s Capabilities for Malicious Purposes?

Hackers are attempting to exploit Gemini AI for cyberattacks, as highlighted in a Google Threat Intelligence report. While direct cloning hasn’t succeeded, state-sponsored groups are using AI tools for sophisticated hacks. The private sector is also interested in Gemini’s proprietary technology for development, raising concerns about intellectual property theft. Despite growing reliance on AI, Americans remain distrustful, fearing privacy violations and data exploitation.

https://www.pandasecurity.com/en/mediacenter/are-hackers-trying-to-utilize-gemini-ais-capabilities-for-malicious-purposes/

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

A significant recent cybersecurity concern is a prompt injection vulnerability in Google's Gemini AI, allowing attackers to exploit Google Calendar invites to access private data covertly and create deceptive events. This highlights the need for advanced security strategies addressing semantic vulnerabilities in AI systems.

https://www.darkreading.com/cloud-security/google-gemini-flaw-calendar-invites-attack-vector

Critical WhisperPair Flaw Lets Hackers Track, Eavesdrop Via Bluetooth Audio Devices

Security researchers found a critical vulnerability in Google's Fast Pair protocol, called “WhisperPair,” allowing attackers to hijack Bluetooth audio devices to track and eavesdrop on users. The flaw affects numerous devices, regardless of smartphone OS, due to improper implementation allowing unauthorized pairing. Attackers can exploit it from up to 14 meters away, gaining control of the devices for malicious purposes. Google awarded researchers $15,000, but security updates are still pending for many devices. Users must install firmware updates to mitigate risks.

https://www.bleepingcomputer.com/news/security/critical-whisperpair-flaw-lets-hackers-track-eavesdrop-via-bluetooth-audio-devices/

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybercriminals exploit Google Cloud's email integration to conduct a multi-stage phishing campaign, sending 9,394 emails to over 3,200 targets globally. Using trusted Google-generated messages, attackers bypass security filters and mimic legitimate notifications to steal user credentials through deceptive links leading to fake verification and login pages. Google has responded by blocking these phishing attempts and enhancing protections.

https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html

Two Chrome Flaws Could Be Triggered by Simply Browsing the Web: Update Now

Google has issued an unscheduled Chrome update to fix two serious vulnerabilities, CVE-2025-14765 in WebGPU and CVE-2025-14766 in the V8 JavaScript engine, that can be triggered remotely when users load maliciously crafted web pages. Because Chrome has billions of users, these flaws are high-value targets for attackers, and users are strongly urged to update immediately to version 143.0.7499.146/.147 on Windows and macOS or 143.0.7499.146 on Linux. The piece provides simple update instructions (using Chrome’s About page or automatic updates) and briefly explains that one bug is a use-after-free in WebGPU, leading to potential heap corruption, while the other is an out-of-bounds read/write in V8 that can allow attackers to access or modify memory and potentially run code with elevated permissions. The core message is that users should not delay restarting and updating Chrome, since merely browsing the web could expose them to attacks until the patch is applied.

https://www.malwarebytes.com/blog/news/2025/12/two-chrome-flaws-could-be-triggered-by-simply-browsing-the-web-update-now

Scroll to Top