Chrome Patches Critical V8 Vulnerability; LastPass Phishing Active

Malicious Google Calendar invites could expose private data

• Vulnerability in Google Calendar allowed prompt-injection instructions in invites to bypass privacy controls.
• Malicious invites leveraged Google Gemini to create events summarizing private meetings, exposing data.
• Google fixed the issue, but warns of AI risks; review calendar and sharing settings.

Source: Malwarebytes Blog | Date: January 21, 2026

Fake extension crashes browsers to trick users into infecting themselves

• Malicious browser extensions intentionally crash user browsers, then offer fake "solutions."
• Attackers trick users into manually installing malware by exploiting frustration and desire for repair.
• This novel social engineering combines technical manipulation with psychological pressure for infection.

Source: Malwarebytes Blog | Date: January 20, 2026

Firefox joins Chrome and Edge as sleeper extensions spy on users

• "Sleeper" browser extensions across Firefox, Chrome, and Edge harvest user data long after installation.
• Malicious add-ons capture browsing histories, screenshots, keystrokes, and exfiltrate sensitive user info.
• Users must carefully vet browser extensions and manage permissions to protect privacy.

Source: Malwarebytes Blog | Date: January 19, 2026

Google Chrome 144 Update Patches High-Severity V8 Vulnerability (CVE-2026-0033)

• Google Chrome version 144.0.7258.118 has been released to patch a high-severity vulnerability, identified as CVE-2026-0033, in the V8 JavaScript engine.
• This critical update addresses a security flaw that could potentially lead to arbitrary code execution due to improper handling within the V8 engine, affecting Chrome across various platforms.
• Users are strongly advised to update their Google Chrome browsers immediately via chrome://settings/help to mitigate risks associated with this significant security vulnerability.

Source: Cybersecurity News | Date: January 21, 2026

LastPass Users Targeted by Sophisticated Phishing Campaign for Master Passwords

• LastPass has issued an urgent advisory warning users of an active and sophisticated phishing campaign designed to steal master passwords by impersonating legitimate service maintenance messages.
• Attackers are employing fake LastPass login pages, often delivered via email or SMS, that are highly convincing and designed to capture user credentials immediately upon entry.
• Users are strongly cautioned to verify the authenticity of all communications, scrutinize URLs for suspicious elements, and navigate directly to the official LastPass website for any account management.

Source: The Hacker News | Date: January 20, 2026

References

1. Google Chrome 144 Update Patches High-Severity V8 Vulnerability - Cybersecurity News
2. LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords - The Hacker News
3. Crooks impersonate LastPass in campaign to harvest master passwords - Security Affairs
4. CVE-2026-0033 - NVD