"Google released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The vulnerabilities related to an out-of-bounds write vulnerability in the Skia 2D graphics library (CVE-2026-3909) and an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine (CVE-2026-3910) that could result in out-of-bounds memory access or code execution, respectively."
"Meta announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. In a statement, a Meta spokesperson said, 'Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.'"
"A court-authorized international law enforcement operation dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers for malicious purposes, addressing infrastructure-level threats and the abuse of compromised devices."
This week's security landscape reveals critical vulnerabilities and infrastructure threats. Google patched two actively exploited Chrome zero-days affecting the Skia graphics library and V8 JavaScript engine, enabling potential code execution. Meta announced discontinuing Instagram end-to-end encryption by May 2026, citing low adoption rates and redirecting users to WhatsApp. Law enforcement disrupted SocksEscort, a criminal proxy service exploiting thousands of residential routers. These developments demonstrate attackers leveraging trusted infrastructure, privacy erosion on mainstream platforms, and the persistent abuse of compromised devices for malicious purposes.
#chrome-zero-day-vulnerabilities #end-to-end-encryption #proxy-service-disruption #residential-router-exploitation #active-threat-intelligence
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]