Articles about browser security

Google burnishes Chrome to patch over 43 bugs

Google has pushed out a new cross-platform version of Chrome that fixes no fewer than 43 security bugs. Chrome version 44.0.2403.89 for Windows, Mac and Linux addresses 12 potentially “high-impact flaws”, several of which revolve around buffer overflow bugs. A pair of universal cross-site scripting bugs also rate towards the …
John Leyden, 24 Jul 2015

Naughty Flash Player BURIED ALIVE in OS X Mavericks Safari sandbox

The Adobe Flash Player plugin runs in a locked-down sandbox under Safari on OS X 10.9 "Mavericks," making Apple the latest major web browser vendor to provide additional security when viewing Flash content on the web. According to a memo posted by Adobe security strategist Peleus Uhley on Thursday, Flash Player in Mavericks is …
Neil McAllister, 24 Oct 2013

Crowdsourced flaw-finding cheaper than in-house bug hunters

A study into the once-controversial practice of vulnerability rewards programs (VRPs) – paying researchers bug bounties for reporting security flaws – has found that for browser builders, the practice is not only more effective at spotting problems than hiring code-checkers, it's also much better value for the money. "We find …
Iain Thomson, 10 Jul 2013
The Register breaking news

Microsoft plasters IE8 hole abused in nuke lab PC meltdown

Microsoft has issued a temporary fix for a high-profile Internet Explorer 8 vulnerability. This is the bug linked to recent targeted attacks against web pages accessed by nuclear weapons research teams at the US Department of Labor website. The Fix It, released late on Wednesday, is designed to offer a temporary block against …
John Leyden, 9 May 2013

Google blats bugs in Chrome - days before $560k hacking contest

Pwn2Own 2013: Google patched 10 security vulnerabilities in its web browser Chrome on Monday - two days before the start of Pwn2Own, the annual hacking contest in which experts race to compromise software to win prizes. The latest update fixes flaws in Chrome's Windows and Linux builds. Six of the 10 holes addressed are rated as "high" risk …
John Leyden, 5 Mar 2013

Security bods rip off Microsoft's 'sticking plaster' IE bug fix

A security researcher has developed a method to circumvent Microsoft's temporary fix for a zero-day Internet Explorer browser vulnerability. Redmond released a temporary Fix It to defend against the flaw last week, pending the development of a more complete patch which it later emerged would not arrive with updates due to be …
John Leyden, 7 Jan 2013

Mystery Chrome 0-day exploit to be unveiled in India on Saturday

A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend. Years ago the circumstances of Ucha Gobejishvili's presentation would hardly have raised an eyebrow but that was before Google began offering up to $60, …
John Leyden, 23 Nov 2012

'Looming menace' of evil browser extensions to be demo'd this week

A security researcher has developed a proof-of-concept browser botnet extension to illustrate the perils of what he describes as a "looming menace". Zoltan Balazs of Deloitte Hungary developed the code to illustrate the risk from malicious browser add-ons, which he argues anti-virus vendors are ill-equipped to defend against …
John Leyden, 23 Oct 2012

Redmond promises emergency IE bug fix on Friday (zero day + 5)

Microsoft is promising to release an emergency patch that tackles a zero-day vulnerability in Internet Explorer on Friday. In the meantime, the software giant is pointing customers towards a temporary fix, issued on Wednesday. The stop gap fix uses Redmond's "application compatibility shim mechanism" as a sort of battlefield …
John Leyden, 20 Sep 2012

Firefox 14 tabs no longer sneak a peek at users' privates

Mozilla has plugged a privacy-related security hole in Firefox 13 and released a fixed version of its web browser. The flaw allowed the software's speed-dial-alike "new tab" feature to take snapshots of supposedly secure HTTPS sessions. Punters sounded the alarm over the feature that, for example, revealed online bank account …
John Leyden, 19 Jul 2012

Google Chrome update plugs score of security bugs

Google has updated its Chrome browser to address 20 vulnerabilities, none of which are deemed critical. Chrome version 20 coincidentally covers patches for a score of security bugs, as listed here. Many of the fixed vulnerabilities involve "use-after-free" memory-related security bugs, some of which are rated as high risk. …
John Leyden, 28 Jun 2012

Firefox 'new tab' feature exposes users' secured info: Fix promised

Privacy-conscious users have sounded the alarm after it emerged the "New Tab" thumbnail feature in Firefox 13 is "taking snapshots of the user's HTTPS session content". Reg reader Chris discovered the feature after opening a new tab only to be "greeted by my earlier online banking and webmail sessions complete with account …
John Leyden, 22 Jun 2012

Google unleashes Chrome 19, flattens 20 bugs

Google released a major update to its Chrome browser on Tuesday that tackles 20 security vulnerabilities, eight of which are classified as high-risk bugs. Chrome 19 – a cross-platform update for Windows, Mac, Linux and Chrome Frame – also includes a number of improved features such as tab sync. Google paid security researchers …
John Leyden, 16 May 2012

Ghost of HTML5 future: Web browser botnets

B-Sides: HTML5 will allow web designers to pull off tricks that were previously only possible with Adobe Flash or convoluted JavaScript. But the technology, already widely supported by web browsers, creates plenty of opportunities for causing mischief. During a presentation at the B-Sides Conference in London on Wednesday, Robert …
John Leyden, 27 Apr 2012

Chrome patches up after double dose of CanSecWest pwnage

CanSecWest: Google has released a patch a day after Sergey Glazunov hacked its browser with a pair of zero-day flaws. The update covers Windows, Mac OS X, Linux and Chromium OS. Google's Chrome fell to two separate attacks on Wednesday evening, both based on previously unknown vulnerabilities during competitions at the CanSecWest …
John Leyden, 9 Mar 2012

Pwn2Own 2012 touts bigger prizes, drops mobile hacks

Organisers of security conference CanSecWest have changed the rules for the next outing of its Pwn2Own computer hacking contest. The prize money will be increased, but smartphone hacks have been dropped from the competition. Instead Pwn2Own will challenge security researchers to develop browser exploits in order to hack into …
John Leyden, 25 Jan 2012

Zombie browser with evil past returns from the grave

A rogue browser package has re-appeared online years after security researchers thought it was gone for good. Yapbrowser first appeared in 2006, inciting marks to use what was touted as a full-function web browser client. In reality, the software was jam-packed with adware from notorious (now defunct) outfit Zango. Users …
John Leyden, 10 Oct 2011

Java update tackles multiple critical flaws

Oracle has released a cross-platform update for Java that addresses 17 vulnerabilities in the ubiquitous software platform. All 17 vulnerabilities might be abused to inject code into vulnerable systems, and all but one affect how Java Runtime Environment client software runs in browsers. Java 6 update 26 for Windows, Linux …
John Leyden, 8 Jun 2011

Biting the hand that feeds IT © 1998–2018