News
Web Browser Security
- March 27, 2018
27 Mar'18
TLS 1.3 update is finalized with encryption upgrade
The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.
- March 21, 2018
21 Mar'18
Firefox bug exposes passwords to brute force -- for nine years
A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.
- February 27, 2018
27 Feb'18
Ad network cryptojacking attack bypasses ad blockers
Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors.
- February 21, 2018
21 Feb'18
Google discloses Microsoft Edge vulnerability without a patch
Google's Project Zero publicly published an Edge browser vulnerability after the 90-day disclosure deadline expired, and Microsoft has yet to patch the flaw.
- February 07, 2018
07 Feb'18
Grammarly vulnerability exposed user documents
A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.
- December 29, 2017
29 Dec'17
Browser login managers allow tracking scripts to steal credentials
News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.
- December 19, 2017
19 Dec'17
Flawed Keeper password manager preinstalled on Windows 10
Google Project Zero's Tavis Ormandy discovered a flaw in the Keeper password manager browser extension that could allow attackers to steal credentials.
- November 03, 2017
03 Nov'17
Certificate authority business undergoes major changes
News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more.
- August 18, 2017
18 Aug'17
Hijacked Chrome extensions infect millions of users
News roundup: Hackers leveraged eight hijacked Chrome extensions to attack 4.8 million browser users. Plus, Cloudflare stopped protecting a neo-Nazi website from DDoS attacks, and more.
- August 03, 2017
03 Aug'17
Symantec Website Security, certificate authority business sold to DigiCert
DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates.
- July 20, 2017
20 Jul'17
Industry reacts to Symantec certificate authority trust remediation
As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives.
- July 19, 2017
19 Jul'17
Symantec agrees to transfer certificate issuance to third party
Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to an as-yet-unnamed third-party partner starting Dec. 1.
- July 13, 2017
13 Jul'17
Symantec certificate authority business reportedly for sale
As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business.
- July 10, 2017
10 Jul'17
WoSign CA certificates get end-of-trust date in Chrome
Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust.
- June 14, 2017
14 Jun'17
Symantec CA remediation plan faces more delays
The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community.