By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.

Google Chrome is without a doubt the most popular internet browser in the world right now and according to third-party data, it holds close to 65% market share. Google Chrome is easy to use and secure. Last year, the search engine giant updated the web browser with a much-needed built-in software that would warn users about incompatible apps. It’s an experimental feature and sometime it could warn users against the apps. The browser began blocking third-party software from injecting into Chrome processes. After restarting, it will allow the injection but it would show a warning that guides the user to remove the software. Over the last few days, in an old Google product forum post, the users have revealed that Google Chrome browser is warning them against legit apps and the warning showed up after the browser crashed. In another thread, users claim that they have received a similar warning. A user on Reddit social media website has also shared a screenshot that shows Chrome browser’s warning in action. According to the Reddit user, the Chrome browser crashed and it launched with the above screen. The issue is not limited to any specific app. By the looks of things, the first few reports appeared back in late June and new reports have surfaced online over the last few days. More on this topic is posted on OUR FORUM.

Google has patched a vulnerability in the Chrome browser that allows an attacker to retrieve sensitive information from other sites via audio or video HTML tags. Ron Masas, a security researcher with Imperva, discovered and reported this issue —tracked as CVE-2018-6177— to Google. The browser maker fixed the security hole at the end of July with the release of Chrome v68.0.3440.75. The vulnerability can be exploited in older versions of Chrome in situations where an attacker can lure a victim on a malicious site, via malvertising (malicious code inside ads embedded on legitimate sites), or via vulnerabilities on legitimate sites where an attacker can inject and execute code —such as via stored cross-site scripting (XSS) flaws. In a write-up published earlier today and shared with Bleeping Computer, Masas explained that the attack scenario requires malicious code that loads content from legitimate sites inside audio and video HTML tags. Through the use of "progress" events, Masas says he can deduce the size of responses he gets from external sites, and guess various types of information. Under normal circumstances, this wouldn't be possible because of CORS —Cross-Origin Resource Sharing— a browser security feature that prevents sites from loading resources from other websites, but this attack bypasses CORS. Full details posted on OUR FORUM.

Most recent Intel processors for desktops, laptops, and tablets feature integrated graphics capable of driving 4K displays and maybe even some gaming tasks. But Intel has been beefing up its graphics team recently, and now the company has confirmed recent reports that it plans to launch a discrete graphics card in 2020. The news comes via a short video posted on Twitter, and while it’s light on details, the company does promise that in 2020 it will “set our graphics free,” indicating that we’ll see a GPU that’s not built into the same silicon as an Intel CPU. This isn’t Intel’s first foray into discrete graphics solutions. The company launched the Intel i740 graphics card in 1998… but it was a commercial flop and the company scrapped the entire product line not long after that (a small number of i752 cards were released, but Intel canceled the i754 graphics card before it ever launched). At this point, it’s unclear what Intel hopes to bring to the table in 2020. A lot has changed in the past two decades and the discrete GPU space is still dominated by NVIDIA and AMD (which acquired GPU maker ATI). But Intel has also been chugging along all that time pushing more and more advanced features into integrated graphics. There's more posted on OUR FORUM.

Today is Patch Tuesday and Microsoft has just rolled out Windows 10 KB4343909. In case you’re planning to upgrade the PC manually, the direct download links for Windows 10 KB4343909 are also available. KB4343909 is available for devices running Windows 10 version 1803 and it advances the system to Build 17134.228. The latest patch for Windows 10 April 2018 Update comes with its own pack of improvements. First and foremost, to check if you’re already running the latest build, press Win key + R and then winver. If it shows Windows 10 Build 17134.228, the cumulative update has installed successfully. If the build number is something else, you would need to Open Settings and navigate to Update & Security -> Windows Update -> Check for updates. The latest patch for Windows 10 April 2018 Update addresses both security and non-security bugs. The update has fixed issues with Internet Explorer and Microsoft Edge. In the changelog, Microsoft explains that the new protections against a speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF) have been applied. The company says that the vulnerability affects the Intel Core processors and Intel Xeon, processors. We have posted the download links on OUR FORUM.

At the Black Hat 2018 and DEF CON 26 security conferences held in Las Vegas last week, a security researcher detailed a backdoor mechanism in x86-based VIA C3 processors, a CPU family produced and sold between 2001 and 2003 by Taiwan-based VIA Technologies Inc. The affected CPU family was designed with PC use in mind but was more widely known for being deployed with point-of-sale units, smart kiosks, ATMs, gaming rigs, healthcare devices, and industrial automation equipment. The Rosenbridge backdoor mechanism Christopher Domas, a well-known hardware security expert, says that VIA C3 x86-based CPUs contain what he referred to as a "hidden God mode" that lets an attacker elevate the execution level of malicious code from kernel ring 3 (user mode) to kernel ring 0 (OS kernel). See here about CPU protection rings. Domas says that this backdoor mechanism —which he named Rosenbridge— is a RISC (Reduced Instruction Set Computer) co-processor that sits alongside the main C3 processor. Continue reading on OUR FORUM.

A new report from EnigmaSoft -- makers of the SpyHunter anti-malware product -- reveals the US cities with the highest rates of malware infection. Systems in Atlanta, Orlando, and Denver are most likely to be infected, with Louisville, Witchita, and Anchorage has the lowest infection rates. "It's hard to say exactly why one city or state has a higher rate of infection than others," says EnigmaSoft spokesperson Ryan Gerding. "There's a wide variety at the top of the list. Larger cities, smaller cities, and cities in every geographic area. The same is true for the least infected areas. New York and San Francisco ranked near the very bottom of the list." Infections are listed by state too, with Colorado ranked highest and Alabama lowest. The findings also look at the days of the week when malware is most likely to hit. Wednesday comes out as the most dangerous day, with Saturdays and Sundays the least, perhaps showing that even cybercriminals like to take the weekends off. Infections detected range from what EnigmaSoft identifies as Potentially Unwanted Programs or 'nuisanceware', which slow down computers and change some settings, all the way to ransomware, which threatens to delete valuable files unless the victim pays a ransom. "No matter what city or state you are in or what day of the week it is, it is important to always be vigilant about the threat of malware and other infections," Gerding adds. Find out how your US city ranks by visiting OUR FORUM.