Chrome Patches, Firefox Flaw, & RomCom APT's SocGholish Shift
AI shoppers open the door to a world of uncertainty
- AI shopping agents introduce significant security risks by handling sensitive payment and email data.
- Attackers exploit AI agents to steal credit card and bank account information, enabling large-scale fraud.
- AI agent technology is still immature, and developers currently have little incentive to improve its security until major incidents occur.
Source: IT Brew | Date: November 26, 2025
Chrome Extension Injects Hidden Solana Transfer Fees
- A malicious Chrome extension has been identified injecting unauthorized transaction fees into Solana blockchain swaps conducted via the Raydium decentralized exchange.
- The extension modifies legitimate transaction data, adding an undisclosed 0.05 SOL fee which is then routed to the attacker's wallet.
- Users are strongly advised to audit their installed browser extensions and verify all transaction details carefully before confirming blockchain operations to avoid financial losses.
Source: The Hacker News | Date: November 26, 2025
Mozilla Firefox Affected by Critical CVE-2025-13016 Vulnerability
- Mozilla Firefox is impacted by CVE-2025-13016, a critical vulnerability that could allow arbitrary code execution.
- The flaw affects specific versions of Firefox and components within its rendering engine, posing a significant risk to user data integrity and overall system security.
- Users are urged to update their Firefox browsers immediately to the latest patched version to mitigate the risk of exploitation from this critical issue.
Source: The Cyber Throne | Date: November 26, 2025
RomCom APT Leverages SocGholish Fake Updates for Mythic Agent Malware
- The RomCom APT group is actively employing SocGholish fake software update attacks to distribute the Mythic Agent malware, targeting organizations globally.
- These campaigns often deceive users into downloading malicious executables disguised as legitimate browser or software updates, typically delivered through compromised websites or malvertising.
- The Mythic Agent framework provides attackers with extensive remote access capabilities, facilitating data exfiltration, additional payload deployment, and persistent access to infected systems.
Source: The Hacker News | Date: November 26, 2025
RomCom Payload Detected via SocGholish for the First Time
- The RomCom threat actor group has for the first time been observed distributing its malicious payload through the widely used SocGholish fake update infection chain.
- This new distribution method represents an evolution in RomCom's tactics: the group can leverage SocGholish's established infrastructure for broader initial access, with its downloads often disguised as critical browser or software updates.
- The shift to SocGholish is expected to expand RomCom's victim base and potentially bypass security defenses that were previously effective against their direct distribution methods.
Source: Security Affairs | Date: November 26, 2025
Google Chrome Stable Channel Update Addresses Multiple Security Vulnerabilities
- Google has released a stable channel update for desktop Chrome, version 120.0.6099.109, which includes fixes for several security vulnerabilities.
- The update addresses critical security issues, with Google often withholding specific CVE details temporarily to prevent active exploitation before widespread user patching.
- Users are strongly advised to update their Chrome browsers to the latest version immediately via chrome://settings/help to ensure protection against recently discovered and potentially exploited flaws.
Source: Chrome Releases | Date: November 26, 2025
References
- Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps - The Hacker News
- CVE-2025-13016 affects Mozilla Firefox - The Cyber Throne
- RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware - The Hacker News
- For the first time, a RomCom payload has been observed being distributed via SocGholish - Security Affairs
- Stable Channel Update for Desktop - Chrome Releases