Security News

Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window. Name property has been available for websites to store whatever data they choose to, but such data has often been allowed to leak between sites, essentially allowing for the tracking of users across the pages they visit.

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser. This month, Google began testing a new tracking platform called Federated Learning of Cohorts, or FLoC, that places users in anonymous buckets, or cohorts, based on their interest and browsing behavior.

Google's FLoC mechanism for ad personalisation, currently being trialled in the Chrome browser, has been rejected as privacy-invasive tracking by other browser makers including Vivaldi and Brave. FLoC is part of what Google calls the Privacy Sandbox initiative, a proposal to "Support business models that fund the open web in the absence of tracking mechanisms like third-party cookies," according to now-retired Chrome engineering director Justin Schuh and product manager Marshall Vale in January.

Last month, Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts for the Chrome browser and ad serving websites. FLoC has been criticized by the Electronic Frontier Foundation and outright rejected by makers of Vivaldi and Brave browsers for its debatable claim of being a privacy-preserving technology.

DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without identifying users. Privacy browser DuckDuckGo has launched a new extension for Chrome that's designed to block Google's new algorithm for tracking users' browsing activity for ad selection.

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. As the name indicates, the idea is to "Slice" the original network architecture in multiple logical and independent virtual networks that are configured to meet a specific business purpose, which, in turn, dictates the quality of service requirements necessary for that slice.

Eliminating third-party cookies will not stop companies from tracking web users, says DuckDuckGo, which claims it can help with its desktop browser extensions and mobile apps. In a blog post on Tuesday, the privacy-focused search biz explains that the much discussed plan by Google to eliminate third-party cookies in Chrome by the end of 2022, and related restrictions already implemented in browsers like Brave, Firefox, and Safari, will have a limited effect on marketers' online tracking efforts.

Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. A class-action suit in the Circuit Court of the Fifth Judicial Circuit In and For Lake County, Florida, alleges that the tech giant unlawfully intercepted communications without user consent because of its use of analytics technology on its website.

When version 90 of Google's Chrome browser arrives in mid-April, initial website visits will default to a secure HTTPS connection in the event the user has failed to specify a preferred URI scheme. Chrome 90 will make HTTPS the default for first time website visits where no transport has been declared.

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. In avoiding JavaScript, the side-channel attacks are also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs - making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets.