Lunch Time Nibbles - 2022-08-31

Welcome to another Lunch Time breakout:

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer
Read more....

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope
A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the
Read more....

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit from retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole
Read more....

Chrome patches 24 security holes, enables “Sanitizer” safety system
24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.
Read more....

JavaScript bugs aplenty in Node.js ecosystem – found automatically
How to get the better of bugs in all the possible packages in your supply chain?
Read more....