Google Fixes Dozens of Bugs in November Android Patch
Google’s November update for Android includes patches for more than a dozen critical vulnerabilities, several of which are in the kernel. The monthly update also includes fixes for a number of remote code execution flaws. One of the critical vulnerabilities is an issue with the Qualcomm cryptographic driver that could lead to code execution. “A […]
More Than Half of All Pages on Chrome Loaded Over HTTPS
After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off. The company’s data now shows that more than half of all pages loaded by Chrome on desktop platforms are served over HTTPS. Google has been among the louder advocates for the increased […]
Microsoft, Google, and User Safety
There was a time in the not-so-distant past when nasty public fights between Microsoft and various researchers over when and how to disclose vulnerabilities were just about a weekly occurrence. That time thankfully has passed, but, as the current disagreement between Google and Microsoft over Google’s disclosure of a Windows zero day makes clear, everyone […]
Google Identifies Unpatched Windows Bug Being Used in Attacks
Ten days after informing Microsoft of a serious privilege of escalation vulnerability in Windows, Google researchers have disclosed some limited information about the bug because it is under active attack. The Google researchers discovered the vulnerability earlier this month and sent the details to Microsoft on Oct. 21. The team at Google knew that attackers […]
No Surprise Google is Storing Allo Messages
The launch of Google Allo came with a big surprise. The surprise isn’t that Allo stores users’ messages indefinitely by default, the surprise is that people were surprised by that. When the company announced Allo in May, Google officials touted its security and privacy features, emphasizing the end-to-end encryption built into the app and the Incognito mode […]
Android Bug in Nexus 5 Devices Allowed Memory Access
Google quietly patched a serious vulnerability in the Android image used on some Nexus devices that could allow an attacker to get full access to a device’s memory even while it was locked. The bug could have been exploited by a remote attacker or someone who had physical access to a vulnerable device. Researchers from IBM’s […]
Google Login Issue Allows Credential Theft
Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials. or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, […]
Google to Punish the Use of Some Interstitials on Mobile Sites
Google is making a significant change to the way that it handles page ranking for mobile sites in an effort to discourage site owners from throwing up intrusive interstitials such as ads and newsletter signup dialogs before users can view a site. The change involves the way that Google will rank mobile sites that use […]
Google Research Reveals Depth of Deceptive Software Problem
LAS VEGAS–After a year-long study of affiliate networks running pay-per-install programs, which often include shareware, ad-injectors, and other unwanted software, Google and NYU found that nearly 60 percent of offers bundled with these programs are flagged as unwanted and that the networks drive about 60 million download attempts every week. PPI networks are large, complex affiliate […]