Security News

Rogue domain certificates have been mostly limited to bad actors acquiring what are called domain-validated certificates acquired for free from services such as Let's Encrypt. Domain-validation certificates are a bare-bones solution for securing communications between a web browser and a server using TLS encryption.

Google has stomped out several serious code-execution flaws in its Chrome browser. The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.

The cross-site scripting flaws could allow attackers to execute JavaScript in targets' browsers. Including Adobe Experience Manager, Adobe fixed 18 flaws as part of its regularly scheduled September updates.

One very clear area where Vivaldi is absolutely superior to all other browsers is how it makes managing your history not only easy, but intuitive. Let me show you how easy it is to manage that history within Vivaldi.

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.

Oslo-based Vivaldi has released an update to its Android browser replete with additional weaponry for the ongoing Tracker and Ad Blocker arms race. Version 3.2 for Android devices ups the ante by allowing users to select additional blocking lists as well as including custom lists in a manner that will be very familiar to those running the company's desktop browser.

Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy rules since Chrome 73. Tracked as CVE-2020-6519, the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites.

The bug is found in Chrome, Opera and Edge, on Windows, Mac and Android - potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. CSP allows web admins to specify the domains that a browser should consider to be valid sources of executable scripts.

NSS Labs released the results of its web browser security test after testing Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, for phishing protection and malware protection. Key takeaways Phishing protection rates ranged from 79.2% to 95.5%. For malware, the highest block rate was 98.5% and the lowest block rate was 5.6%. Protection improved over time; the most consistent products provided the best protection against phishing and malware.

The new Edge browser will soon warn you if one of your passwords shows up in a data breach - a feature based on an Azure service that enterprises can already use to protect user passwords. Browser extensions like PassProtect warn you if the password you're using to log into a site is known to have been compromised and listed in a data breach, often based on the excellent Have I Been Pwned service.