Web browser security
This resource center provides news, expert advice, and learning tools regarding web browser security including flaws, threats, problems, errors and vulnerabilities and offers solutions for patching and fixing them. This section covers Internet Explorer, Firefox, Opera, Safari, Google Chrome and more.
Top Stories
-
News
14 Sep 2021
Google patches actively exploited Chrome zero-days
Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year. Continue Reading
-
News
08 Dec 2020
Salesforce advised users to skip Chrome browser updates
Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
-
News
25 Apr 2017
Symantec certificate authority issues, answered
Google and Mozilla weigh the proper response to Symantec certificate authority issues, as the CA giant prepares an alternative proposal for reinstating trust. Continue Reading
-
Answer
24 Apr 2017
How does Ticketbleed affect session ID security?
The Ticketbleed bug in some F5 Networks products caused session IDs and uninitialized memory to leak. Expert Judith Myerson explains what a session ID is and how attackers use it. Continue Reading
-
News
12 Apr 2017
Symantec CA woes debated by browser community
Compliance with CA/B Forum Baseline Requirements was debated after Symantec CA posted responses to 14 issues raised by Mozilla developers. Continue Reading
-
News
31 Mar 2017
HTTPS traffic has yet to surpass HTTP traffic, Fortinet study shows
News roundup: HTTPS traffic has yet to surge, despite its security benefits, according to a report. Plus, the latest in the Apple extortion; a Mirai attack lasted 54 hours; and more. Continue Reading
-
News
29 Mar 2017
Potential SSL API flaw could reveal private keys
A researcher claims to have found Symantec SSL API issues with extremely dangerous consequences, but a lack of evidence causes confusion. Continue Reading
-
News
24 Mar 2017
Google considers options on Symantec certificate authority 'failures'
Symantec certificate authority cries foul, as Google considers severe options following the company allegedly misissuing as many as 30,000 digital certificates. Continue Reading
-
News
23 Mar 2017
DV certificates abused, but policing may not be possible
Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue. Continue Reading
-
News
06 Mar 2017
FBI chooses to protect Tor vulnerability and dismiss child porn case
The Department of Justice dropped a child pornography case in order to avoid disclosing a Tor vulnerability; dozens more cases potentially affected. Continue Reading
-
Answer
06 Mar 2017
SHA-1 certificates: How will Mozilla's deprecation affect enterprises?
Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do. Continue Reading
-
News
28 Feb 2017
Edge and IE vulnerability disclosed by Project Zero
Google Project Zero's 90-day disclosure policy bites Microsoft again, as a zero-day Edge and IE vulnerability is made public before a patch is available. Continue Reading
-
Answer
08 Feb 2017
HTTP public key pinning: Is the Firefox browser insecure without it?
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works. Continue Reading
-
News
25 Jan 2017
Project Zero finds Cisco WebEx vulnerability in browser extensions
A critical Cisco WebEx vulnerability in the service's browser extensions was discovered and patched, though some disagree the patch goes far enough to protect against attack. Continue Reading
-
Feature
30 Dec 2016
Hacking Web Intelligence
In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy. Continue Reading
-
News
16 Dec 2016
Vulnerable websites make up half of the internet's top sites
News roundup: A report finds nearly half the internet is filled with vulnerable websites. Plus, SWIFT confirms more hacks, Amit Yoran steps down from RSA and more. Continue Reading
-
News
28 Jan 2016
Oracle closing an attack vector by deprecating the Java browser plug-in
Oracle announced plans to deprecate the Java browser plug-in, a noted attack vector, though the choice was not entirely its own. Continue Reading
-
Answer
30 Dec 2015
Should the RC4 cipher still be used in enterprises?
A newly discovered attack can break the RC4 cipher and decrypt user cookies. Expert Michael Cobb explains the attack and the relevance of RC4 in enterprises today. Continue Reading
-
Answer
16 Nov 2015
Can Google's Chrome extension policy improve Web security?
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps. Continue Reading
-
Answer
13 Aug 2015
How can I mitigate the risks of alternative Android browsers?
Expert Michael Cobb explains the security risks surrounding alternative Web browsers, as well as approaches enterprises can take to prevent BYOD employees from using them. Continue Reading
-
News
20 May 2015
Google changes Chrome extension policy amid security concerns
Google's new Chrome extension policy mandates that all users and developers must install web browser extensions from the Chrome Web Store. Continue Reading
-
Answer
30 Jan 2014
Preventing plaintext password problems in Google Chrome
Plaintext passwords are risky business. Michael Cobb discusses what Google says about the Chrome password vulnerability and potential exploits. Continue Reading
-
Answer
02 Dec 2013
Heap spray attacks: Details and mitigations for new techniques
Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks. Continue Reading
-
Answer
10 Sep 2013
Can an unqualified domain name cause man-in-the-middle attacks?
An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Continue Reading
-
Answer
12 Mar 2013
Bing security: Is search engine poisoning a problem for Bing users?
Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security. Continue Reading
-
News
27 Jan 2012
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach? Continue Reading
-
News
24 Jun 2011
Gartner’s Neil MacDonald on IE9 security, Apple security issues
In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers. Continue Reading
-
News
08 Nov 2010
Microsoft workaround could break Web pages
A temporary workaround to mitigate a zero-day vulnerability in Internet Explorer causes most Web pages to load improperly. Continue Reading
-
Tip
30 Jul 2010
How to avoid attacks that exploit a Web browser vulnerability
Beyond patching, Tom Chmielarski explains what you'll need to do to avoid application exploits caused by Web browser vulnerabilities. Continue Reading
-
Tip
06 Apr 2010
Operation Aurora: Tips for thwarting zero-day attacks, unknown malware
In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks. Continue Reading
-
Tip
11 Oct 2007
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web security expert Michael Cobb explains how the identifier exploits may start a fresh round of problems for developers and users alike. Continue Reading