Archive for the ‘Web browser security’ Category

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

January 9th, 2020
Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing

Posted in cyber security, Firefox, Firefox browser, hacking news, Mozilla Developers, mozilla security, type confusion vulnerability, Web browser security, Zero-Day Vulnerability | Comments (0)

Apple Under Fire Over Sending Some Users Browsing Data to China’s Tencent

October 14th, 2019
Do you know Apple is sending iOS web browsing related data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2, Apple silently

Posted in Apple iOS, Apple privacy, Chinese government, cyber security, Google Safe Browsing, Privacy Breach, safari web browser, safe web search, Tencent China, Web browser security | Comments (0)

Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme

September 20th, 2019
Two widely used Adblocker Google Chrome extensions, posing as the original — AdBlock and uBlock Origin — extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and

Posted in ad blockers, ad fraud, AdBlock Extension, browser cookies, browser hacking, chrome extension, cookie stuffing, Google Chrome, tracking cookies, Web browser security | Comments (0)

Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020

October 15th, 2018
All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols. Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to

Posted in Apple Safari, Firefox, Google Chrome, Internet Explorer, Microsoft Edge browser, safari update, SSL Certificate, SSL TLS security, TLS encryption, Web browser security | Comments (0)

A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures

February 16th, 2017

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update.

The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works and leads to bypass the

Posted in ASLR, Bypass ASLR, exploit code, hacking news, hacking web browser, JavaScript code, javascript exploit, Web browser security | Comments (0)

Comodo’s so-called ‘Secure Internet Browser’ Comes with Disabled Security Features

February 3rd, 2016
comodo-web-browser-security

Beware Comodo Users!

Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns.
First of all, make sure whether your default browser had been changed to “Chromodo” — a free browser offered by Comodo Antivirus.
If your head nod is “Yes,” then you could be at risk!
Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as ‘Private Internet Browser’ for better security and privacy, automatically overrides system settings to set itself as your ‘Default Browser.’
And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has ‘Same Origin Policy’ (SOP) disabled by default.
Google’s security researcher Tavis Ormandy, recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy.

Ormandy notes that “all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.”

Moreover, this is a total unethical movement to change default browser settings without users’ knowledge.
Same Origin Policy (SOP) is one of the browser security policies that permits scripts running in a web browser to only make requests to pages on the same domain.
If enabled, Same Origin Policy will prevent malicious scripts on one page from obtaining access to sensitive data on another web page.

What If, Same Origin Policy is Disabled

chromodo-browser

To understand this, assume you are logged into Facebook and somehow visits a malicious website in another tab.

With SOP disabled, various malicious script files on that website could take over the control of your Facebook profile, allowing malicious actors to compromise your account with access to your private messages, post status updates, etc.
The same thing Comodo is doing with its users, by default disabling SOP in Chromodo that could allow attackers to:
  • Steal session authentication cookies.
  • Perform malicious actions through script code.
  • Even Replace trusted websites with attacker-created HTML design.

How to Check, If your Browser has SOP Enabled/Disabled

If you are still unsure whether your browser is SOP disabled, then visit this link.
If you are getting a prompt as “Browser appears to be fine,” then you are out of danger.
But, if you are getting a negative approach such as “Your browser is not enforcing the SOP,” you are advised to migrate to other browsers such as Chrome or Firefox for your self-defense against any malicious attack.
Stay Safe! Safe Tuned!

Posted in chrome, Chromodo, comodo antivirus, hacking news, same origin policy, Same Origin Policy Bypass, secure web browser, web browser, Web browser security | Comments (0)

Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone

November 2nd, 2015

Well, here’s some terrible news for all Apple iOS users…

Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9.

Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium, a startup by French-based company Vupen that Buys and Sells zero-day exploits.

And Guess what,

Posted in Apple iOS 9, browser hacking, Bug Bounty Program, hacking iphone, hacking news, iOS 9.0 jailbreak, iphone hack, jailbreak, Vulnerability, Vupen, Web browser security, Zero-Day Vulnerability, zerodium | Comments (0)

Aw, Snap! This 16-Character String Can Crash Your Google Chrome

September 21st, 2015

Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly.

Yes, you can crash the latest version of Chrome browser with just a simple tiny URL.

To do this, all you need to do is follow one of these tricks:

Type a 16-character link and hit enter
Click on a 16-character link

Posted in dos attack, Google Chrome, google chrome crash, hack browser, security news, Vulnerability, Web browser security | Comments (0)

WebAssembly — New Standard for Powerful and Faster Web Apps

June 23rd, 2015

Google, Apple, Microsoft, and Mozilla have joined hands to create code for use in the future web browsers that promises up to 20 times faster performance.

Dubbed WebAssembly (or wasm for short), a project to create a new portable bytecode for the Web that will be more efficient for both desktop as well as mobile web browsers to parse than the complete source code of a Web page or an

Posted in assembly language, browser, Fastest Browser, High Speed Internet Service, Web browser security, webassembly, website speed | Comments (0)

Apple Safari Browser Vulnerable to URL Spoofing Vulnerability

May 19th, 2015

A serious security vulnerability has been uncovered in Apple’s Safari web browser that could trick Safari users into visiting a malicious website with the genuine web address.

A group of researchers, known as Deusen, has demonstrated how the address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari

Posted in address spoofing vulnerability, Advance Phishing Attacks, apple security, hacking news, phishing attack, safari web browser, Vulnerability, Web browser security | Comments (0)