< ciso
brief />
Tag Banner

All news with #browser security tag

101 articles

DuckDuckGo Browser Adds YouTube Video Ad Blocking

📰 DuckDuckGo's browser now blocks most video ads on YouTube, including pre-roll and in-play ads, using community-maintained uBlock Origin filter lists and its own compatibility rules. The feature is enabled by default on iOS, Mac, and Windows and can be turned on manually in Android settings. It is separate from Duck Player, and both can be used together to combine privacy protections and ad blocking while retaining standard YouTube features. Users are asked to test the new capability and submit anonymous feedback as it may be imperfect and occasionally require updates due to YouTube changes.
read more →

Critical Opera GX mod flaw allowed cross‑site data theft

🔒 An independent researcher discovered a critical vulnerability in Opera GX where GX Mods auto-install on download with no permission prompt, allowing an attacker to inject CSS across all pages. This behavior enabled a zero-click XS-Leak to recover a victim's Gmail address and facilitated a DoS crash when mods were forced into private mode. The issue was reported in February, patched on May 8, and the PoC was published on July 3.
read more →

Opera GX auto-install flaw allowed silent data leaks

🛡️ Researchers discovered a flaw in the gaming-focused Opera GX browser that allowed malicious websites to silently auto-install a GX Mod (a .crx look-and-feel package) and use its CSS to extract specific data from pages a victim visited. In a proof of concept, the team reconstructed a signed-in user's full Gmail address from a single visit, with no clicks required. Opera patched the issue in Opera GX version 130.0.5847.89, labeled the bug P1, paid the $5,000 maximum bounty, and reported no evidence of in-the-wild exploitation. There was no practical workaround prior to the patch.
read more →

WebAuthn Redirection Added to Browser RDP Clients

🔒 Prisma Browser added WebAuthn redirection to its in-browser RDP client, becoming the first non-Windows client to support Microsoft’s MS-RDPEWA protocol. The team found gaps in the spec, reverse-engineered undocumented Windows server behavior, and created a custom Chromium extension API to accept precomputed clientDataHash values. This approach reuses Chromium’s FIDO2 stack to support USB keys, Touch ID, Windows Hello and phone-as-authenticator transports.
read more →

Opera adds Paste Protect to block ClickFix attacks

🛡️ Opera has added Paste Protect, a feature that intercepts and blocks ClickFix-style attacks which trick users into copying and running malicious commands. The mechanism builds on existing Hijack protection and a new Injection protection to detect and prevent harmful content from reaching the browser clipboard across Windows, macOS, and Linux. When suspicious content is blocked, Opera shows a warning, a red indicator in the address bar, and permits viewing the first 120 characters or approving the copy after a 5-second delay. The feature is enabled by default and can be managed via Settings → Privacy & Security → Paste Protect.
read more →

Silent Swap clipper exploits browser extensions

🛡️ McAfee Labs uncovered an active campaign, dubbed Silent Swap, that deploys malicious Chromium extensions masquerading as a 'Google Notes' utility to intercept and replace cryptocurrency wallet addresses copied to the clipboard. The installers, observed in .NET and Golang variants, inject the extension into Chromium-based browsers by modifying protected preferences and recalculating security hashes to bypass store installation. The threat uses an EtherHiding technique to resolve C2 domains via the blockchain and performs dynamic, server-side wallet mappings to redirect funds to attacker-controlled addresses. Telemetry shows global infections, with higher concentration in India.
read more →

Malicious Perplexity-themed Chrome Extension Captured Searches

🔍 Microsoft discovered a malicious Chrome extension posing as Perplexity that logged every search query and each character typed in the address bar by routing input through an attacker-controlled server before redirecting to legitimate results. The extension, named "Search for perplexity ai" and using a look-alike domain, set itself as the default search engine and redirected queries and live suggestion traffic to the attacker domain, collecting headers, IPs, and user agent data. Microsoft reported the extension to Google, which removed it from the Chrome Web Store; defenders are urged to remove the extension and verify search settings immediately.
read more →

Chromium extension spoofs AI brand to hijack searches

🔍 Microsoft Threat Intelligence discovered a malicious Chromium extension impersonating Perplexity AI to intercept Omnibox queries and real-time search suggestions. The extension used MV3, declarativeNetRequest rules, and a typosquatted domain (perplexity-ai[.]online) to route searches through attacker infrastructure before redirecting to expected providers. Google removed the extension after responsible disclosure. Microsoft provides indicators, dynamic analysis findings, and mitigation guidance.
read more →

Malicious Edge extension leverages native messaging

🛡️ A malicious Microsoft Edge extension named Edgecution was used to bypass the browser sandbox and deploy a Python-based backdoor by abusing the Chrome Native Messaging protocol. Attackers lured victims via fake Microsoft update pages and social engineering on Microsoft Teams, delivering a malformed ZIP with an embedded Python runtime and two components: a headless Edge extension and a native Python backdoor. Zscaler links the activity to an IAB associated with the Payouts Kings ransomware operation and provides IoCs and mitigation recommendations.
read more →

FROST: SSD-based Browser Fingerprinting Threat

🛡️ Researchers at Graz University of Technology describe FROST, a novel side-channel technique that uses the browser's origin private file system (OPFS) to monitor SSD timing and infer user activity. A malicious webpage leveraging OPFS can repeatedly access storage, measuring micro-delays that reveal what apps or websites are active. The team demonstrated data transmission rates around 660–720 bits/s with ~90% accuracy and used AI to classify app and site fingerprints. Practical constraints — RAM caching, large file creation, and likely EDR/XDR detection — limit FROST to targeted attacks, but it highlights hardware-level blind spots in modern security.
read more →

Browser Threats Expose Gaps in Enterprise Security

🔒 Menlo Security's 2026 Browser Threat Report warns that many cybersecurity products fail to detect browser-based attacks. Based on telemetry from millions of enterprise browser sessions between January and March 2026, the research found one in five phishing attacks targeting enterprise browser users went undetected by legacy tools. The report highlights that modern enterprise activity increasingly occurs inside browsers, creating blind spots for products not built for the browser session layer. Menlo urges organizations to govern the browser session layer to better protect users and AI agents.
read more →

FROST attack lets websites fingerprint drives

🛡️ Researchers at Graz University of Technology describe FROST, a browser-based timing attack that uses the Origin Private File System (OPFS) to infer which sites a user visits and which apps they open. The exploit runs purely in JavaScript, requires no native code or permissions, and sharpens timer resolution via cross-origin isolation. On macOS it achieved high fingerprinting accuracy, while mitigations remain limited and browser vendors have not implemented firm fixes.
read more →

Brave launches Origin: paid minimalist browser

🔒 Brave Software released Brave Origin, a paid, minimalist edition of its browser that omits cryptocurrency, AI, rewards, and monetization-focused features. The company positions Origin for users seeking a streamlined, privacy-focused experience while retaining core protections like Brave Shields. Origin is available as a standalone download or as an upgrade for existing installations, priced at a one-time $59.99 for up to 10 devices (free on Linux).
read more →

Chromium flaw allows persistent Service Worker abuse

🛡️ Chromium contains an unpatched vulnerability that lets attackers keep a Service Worker alive across restarts and execute JavaScript persistently. Reported by researcher Lyra Rebane, the bug abuses the Background Fetch API and a race that creates and aborts background fetches to evade UI visibility. Although some UI fixes were applied in 2023, the deeper issue—preventing indefinite Service Worker lifetimes—remains unresolved and can enable tracking, crypto mining, and browser-based bots.
read more →

CypherLoc scareware locks browsers, targets users globally

🔒 Security researchers warn of a new scareware strain, CypherLoc, used in around 2.8 million attacks since early 2026. The campaign starts with phishing that directs victims to a malicious page which only activates when specific URL fragments and cryptographic checks pass. Once triggered, the code forces full-screen browser lockdowns, disables controls, displays fake security warnings and a fraudulent support number, with operators posing as Microsoft support. Barracuda urges anti-phishing, browser and endpoint protections and user education to mitigate the threat.
read more →

Attackers Bypass Security Tools via Browser and Identity

🔒 Bridewell's Cyber Threat Intelligence Report 2026 warns that attackers are abandoning traditional malware for browser- and identity-focused techniques such as ClickFix, FileFix and ConsentFix that trick users into approving commands or authentication prompts. These tactics bypass endpoint controls and MFA because they operate within trusted workflows and are harder to detect. The firm urges stronger identity protection, user awareness and threat-informed defence.
read more →

Claude in Chrome vulnerability lets other extensions hijack

⚠️ Researchers at LayerX Security disclosed a flaw dubbed ClaudeBleed in Anthropic’s Claude in Chrome extension that lets other extensions inject scripts and commandeer the assistant. The issue stems from an exposed messaging interface that trusts origins instead of execution context, enabling zero-permission extensions to issue prompts and perform cross-site actions. Anthropic released a partial patch (v1.0.70) on May 6; LayerX urges stronger mitigations.
read more →

Browser-Native DLP: Closing Modern Data Loss Blind Spots

🔒 Traditional DLP tools often miss significant risk that originates inside the web browser. The piece explains how users routinely copy, type, and upload sensitive data into web forms, AI prompts, and unsanctioned accounts—activities that endpoint, network, and cloud DLP commonly cannot inspect with the needed context. Browser-native DLP operates within the browsing session to detect clipboard events, form inputs, and uploads, understand which app and account are involved, and apply inline controls to block or warn on risky actions while preserving approved workflows.
read more →

VoidStealer Bypasses Chrome App-Bound Encryption Exploit

🔓 Researchers found that a new infostealer, VoidStealer, can bypass Chrome’s App-Bound Encryption by attaching to the browser process as a debugger and setting breakpoints at decryption routines. At the moment the browser decrypts data, the malware reads the master key directly from memory, enabling theft of session cookies and other secrets. The technique affects other Chromium-based browsers and is available as malware-as-a-service, increasing its reach. Users should combine secure practices and endpoint defenses rather than rely solely on built-in protections.
read more →

Chrome Enterprise Adds Healthcare Integrations and Security

🔒 Chrome Enterprise Premium extends the familiar Chrome browser with enterprise-grade security, management, and healthcare-focused integrations to help clinicians access EHRs and web apps securely. It highlights advanced DLP, real-time URL scanning, phishing and malware protections, and controls to block copy/paste, printing, or screen capture of sensitive records. Google announced partnerships with Epic, Imprivata, AuthX, and Citrix to optimize EHR performance, enable passwordless authentication, streamline identity, and unify virtualized workflows. Eligible organizations are offered an extended 6-month trial, no-charge seats for the trial, $5,000 in services funding upon conversion, and high-touch onboarding.
read more →