All news with #chrome tag

Google patches V8 zero-day in Chrome; admins urged

⚠️ Google released an emergency patch for a high‑severity Type Confusion vulnerability in the V8 JavaScript engine (CVE-2025-13223), which the company says is being exploited in the wild. The flaw, rated CVSS 8.8 and discovered by Clément Lecigne of Google TAG, affects Chromium‑based browsers and can enable heap corruption and potential code execution. Administrators should prioritize updating Chrome to the patched 142.0.7444.175/.176 builds. A second V8 issue, CVE-2025-13224, is also fixed.

Google Chrome fixes actively exploited V8 type bug

🛡️ Google has released emergency Chrome updates addressing two V8 engine type confusion flaws, including an actively exploited vulnerability tracked as CVE-2025-13223 (CVSS 8.8) that can lead to arbitrary code execution or crashes. The patch also fixes CVE-2025-13224 flagged by Google's AI agent Big Sleep and completes a set of seven zero-days addressed this year. Users should update Chrome to 142.0.7444.175/.176 (Windows/macOS/Linux) and apply fixes for other Chromium-based browsers when available.

Chrome to Enable Always Use Secure Connections by Default

🔒 Google will enable Always Use Secure Connections by default in Chrome 154 (October 2026), prompting users before the first access to any public site that lacks HTTPS. The browser will attempt HTTPS for every connection and show a bypassable warning when HTTPS is unavailable, while suppressing repeated warnings for frequently visited sites. A public-sites-only variant excludes private/local names to reduce noise and will roll out earlier to Enhanced Safe Browsing users. Administrators can disable the setting and Google provides migration guidance.

Google abandons Privacy Sandbox, ends most cookie efforts

🍪 Google has announced it is discontinuing 11 Privacy Sandbox technologies — effectively ending most of the company’s cookie‑replacement efforts after evaluating low adoption and ecosystem feedback. The decision follows regulatory scrutiny from the UK’s Competition and Market Authority and several U.S. antitrust actions, and came after prior concessions from Google. The company says it will continue to work on privacy improvements for Chrome, Android and the web but will move away from the Privacy Sandbox branding.

Chrome on Android: Advanced Protection Enhancements

🔒 Android's Advanced Protection extends Google's device-level security and integrates with Chrome on Android, enabling three core protections to guard high-risk users such as journalists and officials. It forces HTTPS via the Always Use Secure Connections mode, turns on full Site Isolation for devices with 4GB+ RAM, and reduces attack surface by disabling V8's higher-level JavaScript optimizers. Settings are available on Android 16 in Chrome 137+, and enterprises can control behaviors via policies while affected users should enable automatic updates and join the Advanced Protection Program for maximum defense. These measures trade some performance for stronger exploitation resistance.