Web Browser Security
- March 27, 2018
The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.
- March 21, 2018
A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.
- February 27, 2018
Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors.
- February 21, 2018
Google's Project Zero publicly published an Edge browser vulnerability after the 90-day disclosure deadline expired, and Microsoft has yet to patch the flaw.
- February 07, 2018
A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.
- December 29, 2017
News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.
- December 19, 2017
Google Project Zero's Tavis Ormandy discovered a flaw in the Keeper password manager browser extension that could allow attackers to steal credentials.
- November 03, 2017
News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more.
- August 18, 2017
News roundup: Hackers leveraged eight hijacked Chrome extensions to attack 4.8 million browser users. Plus, Cloudflare stopped protecting a neo-Nazi website from DDoS attacks, and more.
- August 03, 2017
DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates.
- July 20, 2017
As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives.
- July 19, 2017
Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to as-yet-unnamed third-party partner starting Dec. 1.
- July 13, 2017
As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business.
- July 10, 2017
Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust.
- June 14, 2017
The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community.