Security News

The privacy-focused web browser Brave continues to grow rapidly as the company reached 50 million monthly active users for the first time in 2021. What makes Brave browser stand out is that they do not track your searches or share any personal or identifying data with third-party companies like Google or Microsoft.

Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Security researcher Yangkang of Qihoo 360 ATA, who has previously disclosed zero-day vulnerabilities in Apple's WebKit, has been credited with discovering and reporting the flaw on November 30, 2021.

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. The malware targets the 'Login Data' file found on all Chromium-based web browsers and is an SQLite database where usernames and passwords are saved.

The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping. Opera introduced the new feature in development version 83, and Bleeping Computer has tested it on developer version 84, where it's still present.

The latest version of Firefox is now available and includes an important step forward for web browser security. Firefox, the little browser that could, continues chugging along.

Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "Accidental defects as well as supply-chain attacks." All major browsers are designed to run web content in their own sandboxed environment as a means to counter malicious sites from exploiting a browser vulnerability to compromise the underlying operating system.

Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, Opera, among others. "The purpose of the same-origin policy is to prevent information from being stolen from a trusted website. In the case of XS-Leaks, attackers can nevertheless recognize individual, small details of a website. If these details are tied to personal data, those data can be leaked."

Microsoft has reversed a Windows 11 design change that made it highly annoying to change the default browser used by the operating system. Previously, web browsers could configure themselves as the default browser by modifying the Windows Registry.

IT security researchers from Ruhr-Universität Bochum and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox. These types of side-channel attacks are called 'XS-Leaks,' and allow attacks to bypass the 'same-origin' policy in web browsers so that a malicious website can steal info in the background from a trusted website where the user enters information.

In the never-ending battle for privacy on mobile phones, I seem to be forever searching for the right combination of apps and services to lift Android to a more secure place. Recently the privacy-centric browser took yet another step forward, one that had me immediately set it as my default Android browser.