Browser Security

Chrome & MSHTML Zero-Days Exploited; Google Advances Quantum HTTPS

Nishant Sharma

β€” 2 min read
This newsletter is AI generated and may hallucinate sometimes 😊

New Chrome Vulnerability Lets Malicious Extensions Escalate Privileges via Gemini Panel

  • A vulnerability in Chrome's Gemini AI panel allows malicious extensions to bypass security policies, leading to privilege escalation and unauthorized actions.
  • This flaw could enable attackers, via compromised extensions, to remotely access and capture data from a victim's camera and microphone without explicit consent.
  • Google has acknowledged the issue and is developing a fix, emphasizing the importance of user vigilance regarding extension permissions and timely browser updates.

Source: The Hacker News | Date: March 01, 2026

Google Develops Merkle Tree Certificates for Quantum-Resistant HTTPS in Chrome

  • Google is implementing experimental Merkle tree certificates in Chrome to advance quantum-resistant HTTPS, aiming to secure web communications against future quantum computing threats.
  • This initiative introduces a new extension to the standard X.509 certificate format, allowing the embedding of multiple public keys signed by diverse cryptographic algorithms.
  • The development signifies a strategic move towards a hybrid post-quantum cryptographic scheme, enhancing the long-term security posture of browser-server interactions.

Source: The Hacker News | Date: March 01, 2026

APT28 Exploits MSHTML Zero-Day CVE-2026-21513 Before February 2026 Patch Tuesday

  • The Russian state-sponsored hacking group APT28 (Fancy Bear) has actively exploited CVE-2026-21513, a zero-day vulnerability in Microsoft's MSHTML platform, prior to its official patch release.
  • This critical remote code execution (RCE) flaw was weaponized in targeted spear-phishing campaigns to deploy malware against unsuspecting victims.
  • The ongoing exploitation of this zero-day underscores the persistent threat from advanced persistent threat groups leveraging unpatched vulnerabilities in critical web rendering components.

Source: The Hacker News | Date: March 01, 2026

References

  1. New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel - The Hacker News
  2. Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely - Cybersecurity News
  3. Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome - The Hacker News
  4. APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday - The Hacker News
  5. MSHTML Framework 0-Day Exploited by APT28 Hackers Before Feb 2026’s Patch Tuesday Update - Cybersecurity News
  6. Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch - Security Affairs

Read more

Browser Security: Phishing, Chrome, and Web Flaws Detected

This newsletter is AI generated and may hallucinate sometimes 😊 Starkiller Phishing Suite Bypasses MFA with AiTM Reverse Proxy * The Starkiller phishing suite actively employs Adversary-in-the-Middle (AiTM) reverse proxy techniques to effectively bypass multi-factor authentication (MFA) protections. * This sophisticated campaign intercepts user credentials and authenticated session cookies, allowing attackers to hijack