News

Web Browser Security

• October 12, 2018 12 Oct'18

  Mozilla delays distrust of Symantec TLS certificates, Google doesn't

  Mozilla delays plans to distrust Symantec TLS certificates in Firefox because despite more than one year's notice, approximately 13,000 websites still use the insecure certificates.

• September 26, 2018 26 Sep'18

  Controversial Chrome login feature to be partially rolled back

  Google will modify the next version of Chrome in an attempt to appease critics of the browser's cookie retention functionality and automatic Chrome login feature.

• September 26, 2018 26 Sep'18

  Browser Reaper POC exploit crashes Mozilla Firefox

  A security researcher developed a proof-of-concept attack on Firefox, called Browser Reaper, which can crash or freeze the browser. But he gave Mozilla short notice of the flaw.

• September 25, 2018 25 Sep'18

  Google Chrome sign-in changes cause confusion and concern

  Google Chrome sign-in changes are being criticized by experts, and poor communication from Google has led to more confusion about user privacy and consent.

• August 16, 2018 16 Aug'18

  Finalized TLS 1.3 update has been published at last

  The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.

• July 13, 2018 13 Jul'18

  Chrome site isolation arrives to mitigate Spectre attacks

  In an effort to mitigate the risk of Spectre attacks, Google Chrome site isolation has been enabled for 99% of browser users to minimize the data that could be gleaned by an attacker.

• July 09, 2018 09 Jul'18

  How did an old, unpatched Firefox bug expose master passwords?

  A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.

• June 29, 2018 29 Jun'18

  WebAssembly updates may cancel out Meltdown and Spectre fixes

  News roundup: Upcoming WebAssembly updates may undo the Meltdown and Spectre mitigations. Plus, FireEye denied claims it 'hacked back' China, and more.

• June 08, 2018 08 Jun'18

  Apple plans to disable Facebook web tracking capabilities

  News roundup: Apple wants to protect its users from Facebook web tracking with the next version of Safari. Plus, genealogy website MyHeritage suffers data breach, and more.

• March 27, 2018 27 Mar'18

  TLS 1.3 update is finalized with encryption upgrade

  The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.

• March 21, 2018 21 Mar'18

  Firefox bug exposes passwords to brute force -- for nine years

  A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.

• February 27, 2018 27 Feb'18

  Ad network cryptojacking attack bypasses ad blockers

  Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors.

• February 21, 2018 21 Feb'18

  Google discloses Microsoft Edge vulnerability without a patch

  Google's Project Zero publicly published an Edge browser vulnerability after the 90-day disclosure deadline expired, and Microsoft has yet to patch the flaw.

• February 07, 2018 07 Feb'18

  Grammarly vulnerability exposed user documents

  A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.

• December 29, 2017 29 Dec'17

  Browser login managers allow tracking scripts to steal credentials

  News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.