Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker. On Thursday afternoon, Google pushed out Chrome version...

Reaction to the release of Google’s Allo messaging app has been mixed since it was unveiled Wednesday during Google’s I/O event. Allo has two modes, a normal mode run by an artificial intelligence that includes Google Assistant. It analyzes messages and offers suggestions based on the content that could include things like restaurant, movie or...

Google clarified this week exactly when it plans to disable support for the RC4 stream cipher and the SSLv3 protocol on the company’s SMTP servers and Gmail’s web servers. It turns out the end will come sooner than later; the company announced it will begin to disable both a month from now, on June 16....

As zero days in Adobe Flash Player continue to bubble to the surface, major technology players are announcing their plans to shove the maligned software aside in favor of HTML5. Google is the latest, announcing recently that by Q4 of this year, HTML5 would be the default in the Chrome browser, except for content on...

Google today flipped the switch on default HTTPS support for its free domain service provider Blogspot, upping the security ante for the millions of users of the popular platform. Google had previously introduced HTTPS support for Blogspot domains as an option in September 2015. Starting Tuesday, Google said, the browser-to-website encryption technology would be automatically added...

Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches. Mediaserver has been a front and center security issue since last summer’s...

Android users are being warned of a phony Google update that is pushing malware onto devices. The attackers behind this scheme are domain squatting URLs that are similar to ones used by Google for legitimate updates, hoping to snare less-than-vigilant users. Researchers at Zscaler said yesterday in a report that the attackers invested heavily in...

Last year was a landmark time for Android security. Google dealt with a major vulnerability in Stagefright, launched a monthly patch release and vulnerability rewards program, and continued to chip away at the number of malicious applications that find their way onto devices. Given all of that progress, however, Google still struggles with the economics...

Google has trumpeted its Safe Browsing alerts as a key component in redirecting victims away from potentially malicious websites. An offshoot of that work is that apparently webmasters heed those warnings too and remediate vulnerabilities and bugs quicker. A co-branded study between Google and the University of California-Berkeley looked at more than 760,000 website hijackings...

Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has ported over user data policies its...