Security News
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.
Oslo-based Vivaldi has released an update to its Android browser replete with additional weaponry for the ongoing Tracker and Ad Blocker arms race. Version 3.2 for Android devices ups the ante by allowing users to select additional blocking lists as well as including custom lists in a manner that will be very familiar to those running the company's desktop browser.
Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy rules since Chrome 73. Tracked as CVE-2020-6519, the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites.
The bug is found in Chrome, Opera and Edge, on Windows, Mac and Android - potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. CSP allows web admins to specify the domains that a browser should consider to be valid sources of executable scripts.
NSS Labs released the results of its web browser security test after testing Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera for phishing protection and malware protection. Key takeaways: Phishing protection rates ranged from 79.2% to 95.5%. For malware, the highest block rate was 98.5% and the lowest block rate was 5.6%. Protection improved over time; the most consistent products provided the best protection against phishing and malware.
The new Edge browser will soon warn you if one of your passwords shows up in a data breach - a feature based on an Azure service that enterprises can already use to protect user passwords. Browser extensions like PassProtect warn you if the password you're using to log into a site is known to have been compromised and listed in a data breach, often based on the excellent Have I Been Pwned service.
If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. With macOS Big Sur improvements on the way, there's no doubt that Safari can handle responsibility.
Folks running Bitdefender's Total Security 2020 package should check they have the latest version installed following the disclosure of a remote code execution bug. Palant said the vulnerability was within a component called Online Protection within that suite, meaning it could be exploited by any website opened in any browser on any computer running Bitdefender's vulnerable antivirus package.
Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors. The extensions in question posed as utilities offering capabilities to convert files from one format to the other, among other tools for secure browsing, while relying on thousands of fake reviews to trick unsuspecting users into installing them.