Tag: browser security
40 articles

Opera GX Flaw Enables Sites to Auto-Install Malicious Mods
A critical flaw in Opera GX allowed websites to secretly install malicious customization mods, which could then siphon sensitive data from other sites you visited - and it took a $5,000 bounty and a May 8 patch to fix the issue. This sneaky exploit let attackers install mods without your consent, putting your online security at risk.

Opera Introduces Paste Protect to Thwart ClickFix Attacks
Opera's new Paste Protect feature helps keep you safe from sneaky ClickFix attacks by automatically blocking suspicious copy actions that could land malware on your device. This clever tool outsmarts scammers who try to trick you into pasting malicious commands, protecting you from unwanted surprises.

AI Model DeepSeek Enables Browser-Only Ransomware With Simple Prompts
Researchers have uncovered a concerning trend: nearly half of the files generated by the DeepSeek AI model - over 1,300 out of 3,000 - have been flagged as malicious or dangerous, including some that can launch browser-only ransomware with just a few simple prompts.

BioShocking Attack Exploits AI Browsers for Data Theft
Researchers have uncovered a chilling new attack, dubbed BioShocking, that exploits AI browsers to steal sensitive data by cleverly tricking them into treating real actions as fictional. This ingenious technique uses a simple game to condition AI agents into accepting fake actions as valid, putting even the most secure systems at risk.

AI Browsers Exposed to Credential-Leaking BioShocking Attack
A shocking new attack has been discovered that can trick AI browsers and assistants into leaking sensitive user credentials, with six popular agents already proven vulnerable. This sneaky tactic, called BioShocking, uses a clever game-like approach to bypass safety protocols and get agents to cough up personal info.

Researchers Expose AI Browser Vulnerability to Credential Theft
Imagine a simple game trick that could convince AI-powered browsers to hand over your login credentials - a vulnerability researchers have now exposed, leaving users at risk. By creating a malicious web page that changes an AI agent's sense of reality, hackers can bypass safety guardrails and gain access to sensitive information.

Cloudflare Unveils Protocol to Distinguish Legitimate Web Traffic
Cloudflare is shaking up the way we verify online traffic with a new protocol that helps websites distinguish between legitimate users and AI-powered bots. Meet PACTs, a game-changing solution that lets sites share anonymous tokens, essentially a private, shareable CAPTCHA test result.

Cloudflare Unveils Token Protocol to Help Websites Distinguish Humans from Bots
Cloudflare is teaming up with top browsers to launch Private Access Tokens, a game-changing protocol that helps websites tell humans from bots, filtering out abusive traffic while keeping user data safe. This innovative solution is a major step forward in tackling AI-powered traffic and ensuring a smoother online experience.

Google Patches Actively Exploited Chrome Zero-Day Flaw
Google just issued an emergency patch for a major Chrome vulnerability, CVE-2026-11645, that's already being exploited by hackers - and it's urging users to update their browsers ASAP to stay safe. This latest fix is part of a massive update that tackles 74 Chrome vulnerabilities, including a high-severity zero-day flaw.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software
Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

Google Chrome Zero-Day Exploited in Wild, Prompting Urgent Patch
Google just dropped an urgent update for Chrome, and you need to know why: a zero-day exploit, tracked as CVE-2026-11645, has been found in the wild, allowing hackers to execute malicious code inside your browser. This critical vulnerability lets attackers access memory outside of Chrome's intended limits, putting your online safety at risk.

Google Patches Chrome Zero-Day Flaw Exploited in the Wild
Google just dropped an emergency update for Chrome, fixing a whopping 74 vulnerabilities, including a zero-day flaw that's been exploited by hackers in the wild. A security researcher scored a $55,000 reward for reporting the bug, now patched in the latest Chrome update.

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack
Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

Browser Becomes Front Line in AI Security Battle
The battle for AI security is heating up, and the browser has become the front line - with security teams facing a double threat of AI-powered attacks converging in this critical space. Attackers are leveraging AI to supercharge phishing techniques, including device code phishing kits that have surged 18x in just one year.

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout
Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

ChatGPT Exposes Users to Prompt Injection Attacks via Browser Content
Researchers have uncovered a vulnerability in ChatGPT that leaves users open to prompt injection attacks, where malicious content is embedded into web pages and then summarized by the AI system as legitimate information. This loophole could put users at risk of falling prey to spoofed security alerts and other online threats.

Google Exposes Unfixed Chromium Flaw Details
A security researcher just blew the whistle on a glaring Chromium flaw that Google thought was fixed - but still works, putting tens of thousands of users at risk of a botnet attack. The exploit, first reported in 2022, allows malicious websites to remotely execute JavaScript on unsuspecting devices.

Microsoft Alters Edge to Mitigate Password Exposure Risk
Microsoft is taking a major step to boost password security in its Edge browser, rolling out a defense-in-depth change to mitigate the risk of password exposure. This update will be applied across all supported Edge versions, prioritizing a swift rollout to protect users.

Akamai Bolsters AI Browser Security with $205M LayerX Acquisition
Akamai is taking browser security to the next level with its $205 million acquisition of LayerX, a cutting-edge startup that's changing the game with its innovative approach to securing interactions between users and applications. By integrating LayerX's technology, Akamai is bolstering its security stack to protect the increasingly AI-driven and cloud-based world.

Claude AI Extension Flaw Enables Cross-Plugin Hijacking
A security flaw in the Claude AI Chrome extension could put users at risk, as it allows other browser extensions to issue commands to Claude without verification. This vulnerability creates a backdoor for hackers to hijack the AI model, warns LayerX senior researcher Aviad Gispan.

Mozilla Reveals AI-Powered Bug Detection Boosts Firefox Security Fixes
Mozilla's April bug cull was massive, with 423 Firefox security fixes - a whopping five times more than the previous month and 20 times the usual monthly average, thanks in part to a boost from AI-powered bug detection. This huge spike in repairs is a testament to the power of innovative technology in keeping Firefox users safe and secure.

Microsoft Edge Exposes Saved Passwords in Plaintext
Microsoft Edge's password management has a concerning vulnerability: it loads all saved passwords into browser memory in plaintext at startup, making it easier for hackers to steal credentials on compromised systems. This is in stark contrast to other Chromium-based browsers like Google Chrome and Brave, which only decrypt passwords when needed.

Microsoft Edge Exposes Saved Passwords in Cleartext
Storing passwords in plain text poses a significant risk, especially in shared environments, as a security researcher recently discovered that Microsoft Edge saves decrypted credentials in its memory, making them vulnerable to exposure. This flaw allows saved passwords to be accessible even when they're not in use.

Kaspersky Exposes Web Filtering Category for Sites with Undefined Trust Levels
Kaspersky has introduced a new web-filtering category for sites that just don't feel right - they're not quite phishing sites, but you still shouldn't trust them. The new "Sites with an undefined trust level" category helps keep you safe from manipulative or shady online resources.