Browser News, Articles and Updates

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and several core apps, as well as security enhancements for two older OS offerings.

Browser stored personal information there for the taking: Report

Researchers have found that browsers like Chrome and Firefox store a great deal of visitor information, much of which can be easily discovered and taken by cyber-criminals.

Drive-by cryptomining targeting millions of Android devices

Drive-by cryptomining campaigns were spotted targeting millions of Android devices via infected apps and malicious browser redirects.

Google will label all HTTP sites 'not secure' starting in July 2018

Google recently announced that the Chrome browser will soon start flagging every site not using HTTPS encryption as "not secure."

Mozilla patches unsanitised output flaw in Firefox

Mozilla patched an unsanitised output flaw in its Firefox browser user interface that could lead to arbitrary code execution.

Chrome desktop update remedies 53 bugs, adds Spectre and Meltdown mitigations

Google's latest stable channel update for the Chrome browser on Windows, Mac and Linux desktop machines includes fixes for 53 security issues, including three high-severity vulnerabilities.

It's all gravy for the onion router as Tor Browser beefs up security

Tor Browser 7.5 has been released this week complete with a bunch of security fixes that have already been rolled out to the Firefox Extended Support Release (ESR) 52.6 client it is built upon.

Malicious Chrome and Firefox extensions block removal to hijack browsers

Malicious Chrome and Firefox extensions that block their removal in order to hijack a user's browser to drive clicks up on YouTube videos and hijack searchers are automatically infecting user devices.

Cryptominer uses hidden browser windows to keep on mining

A new drive-by cryptominer is using a unique technique which allows malicious site owners and threat actors to keep mining Monero even after closing their browser windows.

Firefox tests in-browser breached site notifications

Firefox is testing out a warning system that will notify users when they visit breached sites and offer the option to be notified if a site they previously visited becomes breached in the future.

31 bugs across Safari, Edge, Internet Explorer, Firefox & Chrome browsers

Google project zero team researcher Ivan Fratric discovered 31 bugs in the DOM engines of Safari, Edge, Internet Explorer, Firefoxand Chrome browsers.

ICYMI: UK threats grow, TalkTalk2, something phishy at HSBC and more

In Case You Missed It: UK threat grows says NCSC, TalkTalk customers report fraud calls, HSBC customers being phished, NHS Wales breached, and the latest Web browser exploits.

Google Project Zero notifies Microsoft as another bug found but not patched

Is the Google team of security researchers once again teetering on the edge of responsible and irresponsible disclosure?

Mozilla issues five critical patches for Firefox and Firefox ESR

Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.

Top Chinese browser lets users be tracked and attacked

Tencent, a major chinese web browser with millions of users around the world, has been found leaking data with which users can be identified, tracked and attacked.

Baidu browser found to drip personal data in the clear

The Baidu browser for Android and Windows has been shown by Toronto-based CitizenLab to not only collect the personal information of its users and send it back to the company's servers but do so with weak, or nonexistent, encryption.

Mozilla fixes critical vulnerabilities in Firefox browser and Extended Support Release

Mozilla has issued security advisories announcing key updates to its Firefox browser and the Firefox Extended Support Release, both of which fixed vulnerabilities that the open-source developer labeled as critical.