Chrome Updates Crucial; Webmail XSS Exploited

Google Chrome Issues Urgent Patch for 26 Vulnerabilities, Including 3 Critical Bugs

• Google has released an urgent security update for Chrome, addressing a total of 26 vulnerabilities, with three of these classified as critical severity.
• These critical flaws often include remote code execution (RCE) or use-after-free (UAF) vulnerabilities, posing significant risks to user security and data integrity.
• Users are strongly advised to update their Chrome browsers to the latest version immediately to protect against potential exploitation of these patched vulnerabilities.

Source: SecurityOnline.info | Date: March 20, 2026

Russian APT Exploits Zero-Click XSS in 'Operation GhostMail' Against Ukrainian Webmail

• A sophisticated Russian Advanced Persistent Threat (APT) group, attributed to "Operation GhostMail," exploited a zero-click Cross-Site Scripting (XSS) vulnerability to compromise Ukrainian government webmail accounts.
• The attack specifically targeted the Zimbra webmail platform, leveraging a flaw that allowed attackers to hijack accounts without user interaction.
• This campaign enabled the APT to access sensitive information and maintain persistence within targeted organizations' communications.

Source: Cybersecurity News | Date: March 20, 2026

References

1. Urgent Patch: Massive Google Chrome Update Patches 26 Flaws, Including 3 Critical Bugs - SecurityOnline.info
2. Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks - The Hacker News
3. Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge - Security Affairs
4. The Invisible Breach: ‘Operation GhostMail’ Uses Zero-Click XSS to Hijack Ukrainian Webmail - SecurityOnline.info
5. Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ - Cybersecurity News