Items tagged with browsers
Starting next month, Google will tighten the controls on its Chrome browser by limiting cross-site tracking, and within the next two years, it plans on eliminating third-party cookies from the equation. These and other steps are part of a larger initiative Google is calling "Privacy Sandbox," which entails open standards to enhance user privacy when surfing the web. "Our goal for this open source initiative is to make the web more private and secure for users, while also supporting publishers," Google said. On the surface, getting rid of third-party cookies may seem to go against the latter part of that statement, but Google believes there is a better way of satisfying both users and publishers....
Read more...
Mozilla is pushing out an incremental update to its Firefox browser to mitigate a critical security vulnerability. If left unpatched, the zero day threat could allow an attacker to gain full control of PC. Indeed, Mozilla is aware of malicious actors leveraging the flaw in the wild, so if you use Firefox, it is in your best interest to update right away. "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw," Mozilla stated in a security document. A type confusion attack consists of accessing data in memory that is supposed be out of bounds. This could lead to a crash, or...
Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):...
Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimate compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely....
Read more...
Google is putting the final touches on a handful of new features headed to its Chrome browser, and today we get a glimpse of a few of them. For power surfers, the most interesting changes are those that apply to tab management. This is going to be more convenient on both desktop and mobile, with iOS users already having access to a tab grid layout. That same feature will arrive on Android sometime in the "next few weeks." Here is what it looks like on an iPhone running iOS 13 (with the new dark mode in IOS enabled)... You can rearrange tabs, but when it rolls out on Android, users will be able to group them as well. They can do this simply by tapping and dragging a tabbed page onto another within...
Read more...
Google has begun rolling out a new version of its popular Chrome browser for all available platforms, including Windows, Linux, Mac on the desktop, and Android and iOS on mobile. The new Chrome 76 update brings with it some nifty changes. Chief among them is a tougher stance against Adobe's troublesome Flash plugin—it is now blocked by default. Flash is essentially a dead platform and browser plugin walking. Around this time in 2017, Adobe announced that it was putting Flash on life support until 2020, at which point it plans on pulling the plug. The web at large has moved on to HTML5. However, there are still sites and services that use Flash. As such, Google still gives users the option...
Read more...
Not all browser extensions are used for good. It was recently discovered that several Chrome and Firefox browser extensions were stealing data from individual users and corporations. The data included everything from passwords to genetic information. Sam Jadali of securitywithsam.com revealed that the following browser extensions were leaking data: Chrome Extensions Branded Surveys HoverZoom Panel Community Surveys PanelMeasurement SpeakIt! Firefox Extensions SaveFrom.net Helper Chrome and Firefox Extensions FairShare Unlock SuperZoom The extensions affected macOS, Windows, Chrome OS, and Ubuntu operating systems and Chromium-based browsers like Opera and Yandex. The collected...
Read more...
Google is testing an new media control button in its Chrome browser that, when enabled, would allow users to pause and resume playing videos in tabs. As shown in the image above, the button appears in the upper-right side of the browser, next to the URL bar, and is accessible even for videos that are playing in background tabs. The feature is called Global Media Controls (GMC) and is available to test in the Canary build. You can install the Canary version of Chrome without overwriting your main Chrome installation (if you use that browser), as they can coexist without interrupting each other—it is like having a totally separate browser installed. As currently implemented, the play/pause...
Read more...
It is common knowledge that websites like to track your activity through cookies, but might we be giving up a bit too much privacy when surfing the web? The answer may depend on the specific browser you are using. In a recent examination of Google Chrome, a tech expert said he uncovered some startling differences in how Chrome and Mozilla's Firefox browsers treat user privacy. Geoffrey A. Fowler is a technology journalist for The Washington Post. It was there that he posted an opinion piece on why he feels that "Chrome has become surveillance software," and why he made the switch to Firefox. The article sits behind a paywall, but has been reprinted at a few other places (hit the link in the Via...
Read more...
You may have only recently updated your Firefox browser to build 67.0, but guess what? You should mash the update button once gain. The latest version, build 67.0.3, contains a fix for a major security vulnerability that is being actively exploited in the wild, according to Mozilla. Leaving Firefox unpatched is not a good idea. Listed as "CVE-2019-11707: Type confusion in Array.pop," Mozilla considers the vulnerability to be a critical one. It was discovered by a member of Google's Project Zero team and Coinbase Security, and promptly addressed with an update. "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable...
Read more...
Have you updated your web browser lately? If the answer is "no" and you are running Firefox (or Firefox Quantum, as Mozilla calls it these days), there is a new build available, version 67.0. This is a finalized release and not a beta build, and it brings with it improved performance and some new features, including a cryptocurrency mining blocker. The latter would have been more useful when cryptocurrency mining was booming, but hey, better late than never, right? To Mozilla's credit, the crypto-market is highly volatile, and who knows if we will see another surge in interest. If so, it's nice to know that the latest version of Firefox offers some level of protection against unwittingly mining...
Read more...
Mozilla this week offered an apology to Firefox users over for temporarily breaking add-ons last weekend, and then issuing a temporary fix that collected telemetry data. Simply put, Mozilla admits it "failed" its users. That said, the company says it has a permanent fix in place, and promises to delete usage data that was collected. "An error on our part prevented new add-ons from being installed, and stopped existing add-ons from working. Now that we’ve been able to restore this functionality for the majority of Firefox users, we want to explain a bit about what happened and tell you what comes next," Mozilla stated in a blog post. Mozilla went on to explain that it wanted to push out...
Read more...
I used to think that a toaster would be the final frontier for RGB lighting, but apparently Razer has that covered, or at least it is planning to. So what else does that leave? I'm not sure, maybe washing machines and dryers are on the radar. In the meantime, companies are coming up with new ways of leveraging RGB lights, with Vivaldi baking in support for Razer's Chroma lighting into the latest version of its web browser. In case you've never heard of it, Vivaldi is a cross-platform browser developed by a company founded by Opera Software co-founder Jon Stephenson von Tetzchner and Tatsuki Tomita. The idea was to re-introduce a bunch of features that had been axed during Opera's transition to...
Read more...
In an ongoing effort to stay one step ahead of the bad guys (or at least keep pace with them), Google has decided to block sign-ins from embedded browser frameworks, such as the Chromium Embedded Framework (CEF). The new policy will go into effect in June, so developers have a couple of months to adjust. This is intended as yet another layer of protection to keep users safe from phishing attempts, malware, and so forth. In this particular instance, blocking sign-ins from embedded browser frameworks is intended to protect against man-in-the-middle (MITM) attacks, which is basically when an attacker is able to eavesdrop communication between two parties. Enabling two-factor authentication can help,...
Read more...
