Google warns of two actively exploited Chrome zero days

One allows a remote attacker to execute arbitrary code inside a sandbox, the other could result in loss of sensitive information.
DataBreachToday

Breach Roundup: Russian State Actors Target Signal, WhatsApp

This week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress sites, Microsoft patched 80 bugs, a ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?