JavaScript Attack Can Break ASLR

BleepingComputer has reported that security researchers discovered a new attack that can be carried out in nearly any browser using just JavaScript. Even with the protections and sandboxing of modern browsers (like Google Chrome, Microsoft Edge, Opera, and Mozilla Firefox), it can break the address space layout randomization (ASLR) that most of today’s central…

Release: Google Chrome 56

Google has released version 56 of its web browser, based on the open-source Chromium web browser. There were 51 security-related bug fixes, and one security researcher nabbed over thirty thousand dollars ($30,000) for reporting some particularly nasty cross-site scripting (XSS) issues in Blink, Chrome’s rendering engine. Here are the other new and fixed features: For Users…

Release: Firefox 51

Mozilla has released version 51 of the open-source Firefox web browser. What can you expect from this release? For users: the save-password prompt allows you to view the password before it is saved; a zoom button added to the URL bar displays the zoom level when it is other than 100% – pressing the button returns to default…

Browsers’ Interfaces Are Insecure

As browsers continue to add new features, many of them need to notify or request confirmation from the user. These notifications and dialogs are shown outside the browser interface and appear inside or over top of the content window (considered to be untrusted, since any content can be displayed there by developers). This means that content developers…

Chrome Changes: Encryption Notification

Google Chrome version 56 (based on the open-source Chromium web browser) is scheduled to be released at the end of the month. One of the major user-level changes is how sites without encryption will appear. Until now there has just been a lowercase letter “i” with a circle around it — this was typically an indicator…

Google Chrome 55 Released

Google has released version 55 of the Chrome web browser (based on the open-source Chromium browser) a few days early (it was supposed to be released on the 6th). Over $70,000 was paid out to security experts, developers, and white-hat hackers for finding over 25 different security-related issues with the browser. Noteworthy features: async &…

Chrome Security Update: 45.0.2454.101

Google has released a security update for its Chrome web browser. The new version, 45.0.2454.101, includes fixes for a reported cross-origin bypass that affects both the document object model (DOM) parser and the V8 JavaScript/ECMAScript engine. It is recommended that you update your browser to this version to prevent possible exploits. You can do so…

Firefox: Stolen and Fixed

Mozilla, an open-source software community run by the non-profit organization, Mozilla Corporation, and developers of the Firefox web browser, has announced that its bug tracking software, Bugzilla, was hacked. The organization’s blog post states that the account that was compromised had access to privately listed bugs representing zero-day security flaws in the browser. However, if you keep your browser…