Security News

Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device. "Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their every day surfing," explains a new vulnerability report by FingerprintJS' Konstantin Darutkin.

LogDNA launched a new browser logging capability, which makes it easier for full-stack and frontend developers to ingest frontend log data in LogDNA to more efficiently debug web applications. LogDNA's new Browser Logger addresses this need by automatically capturing errors and logs occurring in the user's browser and allowing dev teams to centralize those errors alongside server-side logs.

Appgate announced the launch of the latest release of its Software Defined Perimeter solution that enables clientless, browser-based access to protected resources. With this latest release, Appgate SDP enhances and streamlines administration and removes end-user friction, which reduces the Help Desk workload. "A core tenet of zero trust is to secure access for all users to all resources. At Appgate, we remain dedicated to advancing zero trust network access with a focus on making it as simple as possible to apply this modern security framework across a variety of operating environments and scenarios," said Kurt Glazemakers, CTO for Appgate.

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. The update comes after proof-of-concept code exploiting the flaw published by a researcher named "Frust" emerged on April 14 by taking advantage of the fact that the issue was addressed in the V8 source code, but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.

This month, Mozilla has announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line. Although Firefox will be no longer supported on Fire TV effective at the end of this month, Amazon Silk web browser app remains available to Fire TV users.

Boffins from Vrije Universiteit in Amsterdam and ETH in Zurich have bypassed memory chip defenses to execute a successful browser-based Rowhammer side-channel attack dubbed SMASH. Rowhammer refers to a technique that computer security researchers began to explore around 2014: "Hammering" RAM chips with a series of rapid write operations. Initially, Rowhammer attacks had to be conducted locally, though by 2016 [PDF], the technique had been refined to work remotely using JavaScript in, say, a web browser.

Google's FLoC mechanism for ad personalisation, currently being trialled in the Chrome browser, has been rejected as privacy-invasive tracking by other browser makers including Vivaldi and Brave. FLoC is part of what Google calls the Privacy Sandbox initiative, a proposal to "Support business models that fund the open web in the absence of tracking mechanisms like third-party cookies," according to now-retired Chrome engineering director Justin Schuh and product manager Marshall Vale in January.

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine. One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates.

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. UPDATE: Agarwal, in an email to The Hacker News, confirmed that there's one more vulnerability affecting Chromium-based browsers that has been patched in the latest version of V8, but has not been included in the Chrome release rolling out today, thereby leaving users potentially vulnerable to attacks even after installing the new update.