Any security professional will tell you that diversity is a good thing; if you use enough different products, it is highly unlikely that all of them will have the same security issue. While this is mostly correct, Amit Klein at Trusteer just released a report (PDF) about a privacy issue that affects all major browsers [...]
Entries Tagged ‘browser security’
Just days after a report co-authored by Google claimed that the automatic update feature of the Chrome browser helps improve security by silently installing patches without asking for approval from the user, the managed to demonstrate the downside of this approach.
Of the four browsers that were targeted in this year’s Pwn2Own contest at CanSecWest, only Google Chrome wasn’t successfully hacked despite the $5000 reward offered: The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and Firefox. The Chrome browser gets a small nod for being impacted by one [...]
Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URLs, over a period of several days. The [...]
When the first release candidate for Internet Explorer 8 was released, the accompanying press release mentioned it had the ability to protect users from clickjacking attacks “out of the box”, and that this was possible “without impacting compatibility”. Microsoft has just provided some additional details that show how this protection works; for now, it looks [...]
This is a bad week for browser security; not only is Microsoft rushing out an emergency patch tonight, other browser makers are releasing their own updates as well, as people worldwide go online to do their Christmas shopping. Opera released version 9.63 of their browser yesterday, fixing several security issues. The most critical ones allow [...]
At the Black Hat conference, a new attack against web browsers was detailed: GIFAR files. These are files that look like a GIF image to the web server, but like a Java program to the web browser. So, you might ask, what is the danger of this? To quote InfoWorld: To the Web server, the file looks exactly like [...]