Chrome Patches Critical Safe Browsing Flaw; Edge Gets October Updates

Google has released an urgent security update for Chrome that addresses CVE-2025-11756, a critical type confusion vulnerability in its Safe Browsing component. The update follows Microsoft's October 2025 Patch Tuesday, which included several security fixes for the Edge browser. Concurrently, security analysts warn of sophisticated JavaScript malware, 'BeaverTail' and 'OtterCookie', deployed by North Korean state-sponsored actors. Microsoft has also moved to revoke hundreds of fraudulent digital certificates exploited in various campaigns, a step that strengthens browser trust and user safety.

Google Chrome Patches Critical Safe Browsing Vulnerability

Vulnerability Overview

  • CVE ID(s): CVE-2025-11756
  • Severity: Critical (Google's classification)
  • Vulnerability Type: Type Confusion
  • Affected Component: Safe Browsing
  • Affected Versions: Chrome versions prior to 132.0.6645.166/.167 for Mac/Linux and 132.0.6645.166/.167/.168 for Windows
  • Platforms: Windows, macOS, Linux
  • Exploitation Status: No public indication of active exploitation at the time of patch release.

Technical Details

The critical flaw, CVE-2025-11756, is identified as a type confusion vulnerability within Google Chrome's Safe Browsing component. Type confusion bugs typically arise when a program attempts to access a resource (e.g., an object or variable) with a data type that is incompatible with the resource's actual type. This mismatch can lead to unexpected behavior, memory corruption, and potentially arbitrary code execution if an attacker can manipulate the program's memory. Safe Browsing is a crucial security feature designed to protect users from phishing, malware, and other dangerous sites by warning them before they visit hazardous URLs. A vulnerability in this component could theoretically be exploited to bypass security protections or execute malicious code within the browser's context.

Patch Information

  • Fixed Version: Chrome 132.0.6645.166/.167 (Mac/Linux), 132.0.6645.166/.167/.168 (Windows)
  • Release Date: October 17, 2025
  • Rollout Status: Rapid rollout to stable channels.
  • Update Method: Users are advised to update their Chrome browsers immediately via the browser's built-in update mechanism (Settings > About Chrome).
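
To confirm the update has landed across a fleet, the following added example (not part of the original article or any vendor tooling) compares reported Chrome versions with the lowest fixed build listed above, 132.0.6645.166. The inventory format, host names and sample versions are constructed assumptions; the comparison is numeric per component, because a plain string comparison would rank build .99 above .166.

```python
import re

# Lowest fixed build listed in the patch information above (same on all platforms).
FIXED_BUILD = (132, 0, 6645, 166)

# Constructed sample inventory: host,platform,reported version string. Not real data.
SAMPLE_INVENTORY = """\
ws-001,windows,Google Chrome 132.0.6645.168
ws-002,windows,Google Chrome 132.0.6645.99
mac-014,macos,Google Chrome 131.0.6000.50
lnx-203,linux,Google Chrome 132.0.6645.166
lnx-204,linux,version unavailable
"""

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Map a reported version string to patched / needs-update / unknown."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unreadable version: follow up, do not assume patched
    return "patched" if version >= FIXED_BUILD else "needs-update"


def audit_inventory(csv_text):
    """Group host names by patch status."""
    results = {"patched": [], "needs-update": [], "unknown": []}
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, _platform, version_text = line.split(",", 2)
        results[classify(version_text)].append(host.strip())
    return results


if __name__ == "__main__":
    for status, hosts in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```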

Microsoft's October 2025 Patch Tuesday Addresses Edge Security Flaws

Overview

As part of its comprehensive October 2025 Patch Tuesday, Microsoft released updates for 172 vulnerabilities across its product line, including several important security fixes for the Microsoft Edge browser (Chromium-based). While specific CVEs for Edge were not individually highlighted as actively exploited zero-days, these patches are crucial for maintaining the browser's integrity and protecting users against various threats.

Key Edge Vulnerabilities

The October Patch Tuesday addressed a range of vulnerability types, with Edge receiving general security updates for issues such as remote code execution, spoofing, and information disclosure. These typically stem from flaws in the rendering engine, JavaScript engine, or other browser components shared with the Chromium project, as well as Edge-specific implementations. Regular application of these patches is fundamental to safeguarding against client-side exploitation attempts.

Implications

Users and administrators are strongly encouraged to apply the latest Microsoft updates, which include the necessary patches for Edge. Keeping the browser updated ensures protection against known vulnerabilities that could be leveraged by attackers for drive-by downloads, credential theft, or other malicious activities.

North Korean Hackers Deploy Advanced JavaScript Malware: BeaverTail & OtterCookie

Campaign Overview

North Korean state-sponsored threat actors have been observed deploying sophisticated JavaScript (JS) malware, identified as 'BeaverTail' and 'OtterCookie'. This campaign targets individuals and organizations with advanced phishing techniques, aiming for espionage, data theft, and potentially financial gain. The integration of these two malware strains suggests a multi-stage approach, indicating increased sophistication in the threat actors' capabilities and persistence.

Attack Vector & Techniques

The 'BeaverTail' and 'OtterCookie' malware predominantly leverage initial access gained through elaborate phishing campaigns. Once a user clicks a malicious link or opens a tainted document, the JavaScript components are executed within the browser context. 'BeaverTail' focuses on establishing persistence and initial data exfiltration, while 'OtterCookie' is designed for more advanced reconnaissance and stealing session cookies, enabling attackers to hijack legitimate user sessions without needing passwords. These JS-based attacks highlight the critical importance of robust browser security settings, content security policies (CSPs), and user awareness to defend against client-side execution of malicious code.
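
The defensive controls named above can be checked from a site's own response headers. This added example (not from the original article) audits constructed sample headers for session cookie attributes and for script sources a CSP still allows; the header values, cookie name and function names are assumptions made for illustration.

```python
# Constructed response headers for illustration; not captured from any real site.
WEAK_RESPONSE = [
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Content-Security-Policy", "default-src *; script-src 'self' 'unsafe-inline'"),
]
HARDENED_RESPONSE = [
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'"),
]

COOKIE_ATTRS = {  # attribute -> exposure left open when it is missing
    "httponly": "readable by page script via document.cookie",
    "secure": "can be sent over plain HTTP",
    "samesite": "cross-site sending left to the browser default",
}

def cookie_findings(value):
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    present = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return [f"cookie {name}: no {attr} ({why})"
            for attr, why in COOKIE_ATTRS.items() if attr not in present]

def csp_findings(value):
    directives = {}
    for directive in value.split(";"):
        tokens = directive.lower().split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])
    # Browsers fall back to default-src when script-src is absent.
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return ["csp: no script-src or default-src, scripts are unrestricted"]
    # A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline'.
    strict = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    risky = [s for s in sources if s in ("*", "'unsafe-eval'")
             or (s == "'unsafe-inline'" and not strict)]
    return [f"csp: script source {s} allowed" for s in risky]

def audit_headers(headers):
    findings, saw_csp = [], False
    for name, value in headers:
        if name.lower() == "set-cookie":
            findings += cookie_findings(value)
        elif name.lower() == "content-security-policy":
            saw_csp = True
            findings += csp_findings(value)
    if not saw_csp:
        findings.append("csp: header missing")
    return findings
```

Calling `audit_headers(WEAK_RESPONSE)` returns four findings, while `audit_headers(HARDENED_RESPONSE)` returns an empty list.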

Microsoft Revokes Fraudulent Certificates Amid Active Campaigns

Overview

Microsoft has taken decisive action by revoking over 200 fraudulent digital certificates that were being abused by various threat actors. This mass revocation aims to mitigate ongoing risks associated with certificate-based attacks, which often play a crucial role in establishing trust for malicious websites and software. The certificates were reportedly used in campaigns such as the Rhysida ransomware and the Vanilla Tempest group's fake Microsoft Teams campaigns.

Impact on Browser Security

Digital certificates are foundational to web security, enabling browsers to verify the authenticity of websites and secure communications via HTTPS. When fraudulent certificates are used, attackers can impersonate legitimate services, perform man-in-the-middle attacks, or sign malicious software to appear trustworthy. By revoking these certificates, Microsoft is directly impacting the ability of threat actors to leverage browser trust mechanisms. This action forces browsers and operating systems to no longer trust these certificates, preventing them from being used to spoof legitimate domains or sign malicious code that would otherwise be accepted by client machines. This reinforces the importance of Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) for maintaining browser and operating system security.

Related Campaigns

The revocation addresses certificates abused in a fake Microsoft Teams campaign attributed to the Vanilla Tempest threat group, which typically employs social engineering and phishing tactics. Additionally, some certificates were linked to the distribution efforts of the Rhysida ransomware, known for its destructive impact on organizations. The use of fraudulent certificates in these campaigns underscores a tactic to evade traditional security controls and leverage established trust models in browsers and operating systems.
