Originally reported by The Hacker News, Qualys
TL;DR
Google patched a critical Chrome vulnerability allowing malicious extensions to escalate privileges via Gemini panel exploitation. Meanwhile, SD-WAN zero-day vulnerabilities have emerged alongside evolving bot attack patterns and updated UK compliance requirements.
CVE-2026-0628, a Chrome vulnerability rated CVSS 8.8 that allows privilege escalation and local file access, is a high-severity threat, especially given Chrome's widespread deployment in enterprise environments.
Google has patched a significant security vulnerability in Chrome that allowed malicious extensions to escalate privileges and access local system files. The flaw, designated CVE-2026-0628 with a CVSS score of 8.8, stemmed from insufficient policy enforcement in Chrome's WebView tag implementation.
The vulnerability specifically targeted Chrome's Gemini panel functionality, enabling attackers to bypass security boundaries that should have contained extension operations. Google addressed the issue in January 2026, though details of the fix and potential exploitation in the wild remain limited.
The high CVSS score reflects the severity of privilege escalation vulnerabilities in widely deployed browser platforms, where successful exploitation could give attackers elevated system access beyond the browser sandbox.
The threat landscape has revealed new attack vectors targeting SD-WAN infrastructure alongside critical vulnerabilities across network systems, cloud environments, and AI tools. Security researchers have identified patterns indicating attackers are increasingly exploiting:
The consolidated threat intelligence suggests adversaries are conducting more sophisticated reconnaissance and leveraging trusted services to mask malicious activities. The SD-WAN zero-day represents a particularly concerning development given these systems' critical role in enterprise network architecture.
SaaS platforms face evolving bot-based threats that manifest as inflated traffic metrics masking malicious activity. Security teams report common indicators including:
The attack methodology exploits the difficulty of distinguishing legitimate growth from automated abuse, potentially leading to resource exhaustion and compromised service availability. SafeLine WAF has emerged as one mitigation approach, though the specific technical details of its bot detection capabilities require further evaluation.
Starting April 2026, the UK's Cyber Essentials Plus (CE+) certification scheme will emphasize measurable security controls over documentation-based compliance. The updated framework requires organizations to demonstrate operational effectiveness of security measures rather than simply maintaining policy documentation.
This evolution aligns with recent UK Government research highlighting persistent cyber risk exposure across sectors. The shift reflects recognition that documented controls provide limited protection without corresponding operational implementation and monitoring.
Qualys has positioned its platform to support the updated compliance requirements, though specific technical adaptations to meet the new operational verification standards remain to be detailed.