Web Browser Security
- July 13, 2018
In an effort to mitigate the risk of Spectre attacks, Google Chrome site isolation has been enabled for 99% of browser users to minimize the data that could be gleaned by an attacker.
- July 09, 2018
A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it.
- June 29, 2018
News roundup: Upcoming WebAssembly updates may undo the Meltdown and Spectre mitigations. Plus, FireEye denied claims it 'hacked back' China, and more.
- June 08, 2018
News roundup: Apple wants to protect its users from Facebook web tracking with the next version of Safari. Plus, genealogy website MyHeritage suffers data breach, and more.
- March 27, 2018
The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.
- March 21, 2018
A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.
- February 27, 2018
Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors.
- February 21, 2018
Google's Project Zero publicly published an Edge browser vulnerability after the 90-day disclosure deadline expired, and Microsoft has yet to patch the flaw.
- February 07, 2018
A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.
- December 29, 2017
News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.
- December 19, 2017
Google Project Zero's Tavis Ormandy discovered a flaw in the Keeper password manager browser extension that could allow attackers to steal credentials.
- November 03, 2017
News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more.
- August 18, 2017
News roundup: Hackers leveraged eight hijacked Chrome extensions to attack 4.8 million browser users. Plus, Cloudflare stopped protecting a neo-Nazi website from DDoS attacks, and more.
- August 03, 2017
DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates.
- July 20, 2017
As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives.