Browser Security

Chrome Zero-Day and Gogs RCE Exploits Demand Urgent Action

Nishant Sharma

12 Dec 2025 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Google Patches Eighth Actively Exploited Chrome Zero-Day Vulnerability in 2025

Google has released an urgent security update for Chrome to address its eighth actively exploited zero-day vulnerability in 2025, with specific details and a CVE ID currently undisclosed by the company.
The high-severity flaw has been confirmed by Google to be under active exploitation in the wild, necessitating immediate action from users.
All Chrome users across Windows, macOS, and Linux are strongly advised to update to version 120.0.6099.200 or later via chrome://settings/help to mitigate the risk.

Source: BleepingComputer | Date: December 11, 2025

Critical Unpatched Gogs Zero-Day Vulnerability Actively Exploited on 700+ Servers

A critical unpatched zero-day vulnerability in Gogs, an open-source Git service, is being actively exploited in the wild, leading to the compromise of over 700 publicly accessible instances.
The flaw, identified as a Remote Code Execution (RCE) vulnerability, allows attackers to gain unauthorized control over affected servers.
Administrators of Gogs instances are urged to implement immediate mitigations, as an official patch is not yet available, to prevent further exploitation.

Source: Security Affairs | Date: December 12, 2025

References

Google fixes eighth Chrome zero-day exploited in attacks in 2025 - BleepingComputer
Critical Gogs zero-day under attack, 700 servers hacked - Security Affairs

Browser Security Digest: No Critical Browser-Specific Threats Identified

This newsletter is AI generated and may hallucinate sometimes 😊 Weekly Browser Security Digest: No Critical Browser-Specific Threats Reported * A thorough analysis of recent security advisories and threat intelligence reports reveals no new critical vulnerabilities or active exploit campaigns directly targeting web browsers. * This review focused on web rendering engines, JavaScript

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

This newsletter is AI generated and may hallucinate sometimes 😊 GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks * The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users. * Attackers are using this method to steal sensitive information, including facial scan data and various

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

This newsletter is AI generated and may hallucinate sometimes 😊 Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers * Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors. * This attack bypasses traditional multi-factor authentication

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security

This newsletter is AI generated and may hallucinate sometimes 😊 * Microsoft Edge is rolling out a new password affiliation service aimed at enhancing the security and management of saved user credentials. * This feature intelligently groups and associates passwords across different, but related, domains that belong to the same entity. * By understanding

Google Patches Eighth Actively Exploited Chrome Zero-Day Vulnerability in 2025

Critical Unpatched Gogs Zero-Day Vulnerability Actively Exploited on 700+ Servers

References

Read more

Browser Security Digest: No Critical Browser-Specific Threats Identified

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security