Latest Google Chrome browser security news


Chromium bug allowed SameSite cookie bypass on Android devices

27 February 2023: Protections against cross-site request forgery could be bypassed

Prototype pollution vulnerability in Chromium bypassed Sanitizer API

21 September 2022: Issue highlights the challenges of preventing client-side attacks

Microsoft Edge deepens defenses against malicious websites

09 August 2022: Browser adds defense in depth to prevent abuse of unpatched vulnerabilities

Chromium site isolation bypass allows wide range of browser attacks

04 August 2022: Flaw that opened the door to cookie modification and data theft resolved

‘Untenable risk to Firefox users’

15 July 2022: Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo

Vivaldi browser founder puts privacy at the center of development

13 July 2022: A man for all four seasons

Decentralized Identifiers

08 July 2022: Everything you need to know about the next-gen web ID tech

Chromium browsers vulnerable to dangling markup injection

30 June 2022: Fixed bug could allow attackers to extract sensitive information

HTTP/3 RFC

07 June 2022: The backbone of the internet has received a major upgrade

Bug Bounty Radar

31 May 2022: The latest bug bounty programs for June 2022

Eternity malware

17 May 2022: Swiss Army knife of cybercrime tools offers one-stop shop for data and crypto kleptomaniacs

Bug Bounty Radar

29 April 2022: The latest bug bounty programs for May 2022

Chrome plans to deprecate ‘document.domain’

26 April 2022: Making document.domain immutable

Bug Bounty Radar

01 April 2022: The latest bug bounty programs for April 2022

‘Dangerous trend’

30 March 2022: EU web authentication plan threatens to undercut browser-led certification system, say detractors

HTML parser bug triggers Chromium XSS security flaw

29 March 2022: Websites thought to be XSS-protected could have been unintentionally exposed to XSS attacks in Chrome sessions

WebKit CSP boost

18 March 2022: Apple Safari empowers developers to mitigate web vulnerabilities

Private chat?

01 March 2022: Chrome Skype extension with 9m installs found to be leaking user info

Need for speed

11 February 2022: Google Project Zero hails dramatic acceleration in security bug remediation

Bittersweet Symfony

03 February 2022: PHP framework devs accidentally turn off CSRF protection

Bug Bounty Radar

31 January 2022: The latest bug bounty programs for February 2022

Print, scream

28 January 2022: Xerox belatedly addresses web-based printer bricking threat

Triple-digit threshold

25 January 2022: Browser makers offer testing tools as version 100 approaches

Preflight checks

18 January 2022: Chrome to bolster CSRF protections by deprecating direct access to private network endpoints from public websites

Anti-cheating browser extension fails web security examination

22 December 2021: XSS flaw in Proctorio gets resolved

Out of isolation

21 December 2021: Chrome fixes Site Isolation bypass vulnerability

RCE risk for Chrome users running remote headless interface

14 December 2021: Attackers could read and write arbitrary files to a device’s hard drive

Driftwood debuts

12 November 2021: New open source tool hunts for leaked public-private key pairs

Mozilla debuts Site Isolation technology with Firefox update

03 November 2021: Sandboxing technology levels up browser security

XSS on NTP

03 November 2021: Dangerous bug in Google Chrome’s ‘New Tab’ page bypassed security features