Security News

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.

Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group to collaborate on standardizing browser extensions to enhance both security and performance. "With multiple browsers adopting a broadly compatible model for extensions in the last few years, the WECG is excited to explore how browser vendors and other interested parties can work together to advance a common browser extension platform," the browser vendors said.

Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. "This fundamental redesign of Firefox's Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop," Mozilla said in a statement.

Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords.

A vulnerability affecting desktop versions of four popular web browsers could be exploited by advertisers, malicious actors, and other third parties to track and profile users online even if they switch browsers, use incognito mode or a VPN, researcher and developer Konstantin Darutkin claims. Darutkin and his colleagues from FingerprintJS are calling the vulnerability and its exploitation "Scheme flooding," as attackers can use browsers' built-in custom URL scheme handlers to check if site visitors have 32 different applications installed on their desktops.

A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers - including Apple Safari, Google Chrome, Microsoft Edge, Mozilla Firefox and Tor - posing a threat to cross-browser anonymity. Called "Scheme flooding," the flaw "Allows websites to identify users reliably across different desktop browsers and link their identities together," Konstantin Darutkin, a researcher and developer at FingerprintJS, said in a blog post published Thursday.

Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device. "Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their every day surfing," explains a new vulnerability report by FingerprintJS' Konstantin Darutkin.

LogDNA launched a new browser logging capability, which makes it easier for full-stack and frontend developers to ingest frontend log data in LogDNA to more efficiently debug web applications. LogDNA's new Browser Logger addresses this need by automatically capturing errors and logs occurring in the user's browser and allowing dev teams to centralize those errors alongside server-side logs.

Appgate announced the launch of the latest release of its Software Defined Perimeter solution that enables clientless, browser-based access to protected resources. With this latest release, Appgate SDP enhances and streamlines administration and removes end-user friction, which reduces the Help Desk workload. "A core tenet of zero trust is to secure access for all users to all resources. At Appgate, we remain dedicated to advancing zero trust network access with a focus on making it as simple as possible to apply this modern security framework across a variety of operating environments and scenarios," said Kurt Glazemakers, CTO for Appgate.

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. The update comes after proof-of-concept code exploiting the flaw published by a researcher named "Frust" emerged on April 14 by taking advantage of the fact that the issue was addressed in the V8 source code, but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.