ciso brief

All news with #browser security tag

88 articles

Chromium flaw allows persistent Service Worker abuse

🛡️ Chromium contains an unpatched vulnerability that lets attackers keep a Service Worker alive across restarts and execute JavaScript persistently. Reported by researcher Lyra Rebane, the bug abuses the Background Fetch API and a race that creates and aborts background fetches to evade UI visibility. Although some UI fixes were applied in 2023, the deeper issue—preventing indefinite Service Worker lifetimes—remains unresolved and can enable tracking, crypto mining, and browser-based bots.

CypherLoc scareware locks browsers, targets users globally

🔒 Security researchers warn of a new scareware strain, CypherLoc, used in around 2.8 million attacks since early 2026. The campaign starts with phishing that directs victims to a malicious page which only activates when specific URL fragments and cryptographic checks pass. Once triggered, the code forces full-screen browser lockdowns, disables controls, displays fake security warnings and a fraudulent support number, with operators posing as Microsoft support. Barracuda urges anti-phishing, browser and endpoint protections and user education to mitigate the threat.

Attackers Bypass Security Tools via Browser and Identity

🔒 Bridewell's Cyber Threat Intelligence Report 2026 warns that attackers are abandoning traditional malware for browser- and identity-focused techniques such as ClickFix, FileFix and ConsentFix that trick users into approving commands or authentication prompts. These tactics bypass endpoint controls and MFA because they operate within trusted workflows and are harder to detect. The firm urges stronger identity protection, user awareness and threat-informed defence.

Claude in Chrome vulnerability lets other extensions hijack

⚠️ Researchers at LayerX Security disclosed a flaw dubbed ClaudeBleed in Anthropic’s Claude in Chrome extension that lets other extensions inject scripts and commandeer the assistant. The issue stems from an exposed messaging interface that trusts origins instead of execution context, enabling zero-permission extensions to issue prompts and perform cross-site actions. Anthropic released a partial patch (v1.0.70) on May 6; LayerX urges stronger mitigations.

Browser-Native DLP: Closing Modern Data Loss Blind Spots

🔒 Traditional DLP tools often miss significant risk that originates inside the web browser. The piece explains how users routinely copy, type, and upload sensitive data into web forms, AI prompts, and unsanctioned accounts—activities that endpoint, network, and cloud DLP commonly cannot inspect with the needed context. Browser-native DLP operates within the browsing session to detect clipboard events, form inputs, and uploads, understand which app and account are involved, and apply inline controls to block or warn on risky actions while preserving approved workflows.

VoidStealer Bypasses Chrome App-Bound Encryption Exploit

🔓 Researchers found that a new infostealer, VoidStealer, can bypass Chrome’s App-Bound Encryption by attaching to the browser process as a debugger and setting breakpoints at decryption routines. At the moment the browser decrypts data, the malware reads the master key directly from memory, enabling theft of session cookies and other secrets. The technique affects other Chromium-based browsers and is available as malware-as-a-service, increasing its reach. Users should combine secure practices and endpoint defenses rather than rely solely on built-in protections.

Chrome Enterprise Adds Healthcare Integrations and Security

🔒 Chrome Enterprise Premium extends the familiar Chrome browser with enterprise-grade security, management, and healthcare-focused integrations to help clinicians access EHRs and web apps securely. It highlights advanced DLP, real-time URL scanning, phishing and malware protections, and controls to block copy/paste, printing, or screen capture of sensitive records. Google announced partnerships with Epic, Imprivata, AuthX, and Citrix to optimize EHR performance, enable passwordless authentication, streamline identity, and unify virtualized workflows. Eligible organizations are offered an extended 6-month trial, no-charge seats for the trial, $5,000 in services funding upon conversion, and high-touch onboarding.

High-Risk GenAI Browser Extensions Targeting Users

🛡️ Unit 42 identified 18 malicious browser extensions posing as GenAI productivity tools that deliver RATs, infostealers and MitM capabilities. These extensions intercept prompts, exfiltrate credentials and proxy HTTPS responses, often using AI-generated code to accelerate development. Organizations should restrict extensions, scrutinize permissions and treat browsers as critical attack surfaces. Google removed or warned developers after disclosure.

Study Finds Many Browser Extensions Collect and Sell Data

🔍 A LayerX Security study found more than 80 widely used browser extensions explicitly reserve the right to collect and sell user data, with millions of combined installations across categories such as streaming, ad blocking and productivity. The researchers reported that 71% of Chrome Web Store extensions do not publish a privacy policy, leaving many users without visibility into how their data is handled. The findings detail networks of media extensions aggregating viewing behavior and at least a dozen ad blockers and 29 business-focused extensions that may expose enterprise browsing activity. LayerX recommends organisations adopt centralized extension governance and add privacy policy review to extension evaluation criteria.

108 Malicious Chrome Extensions Target Google, Telegram

🔒 Researchers at Socket uncovered 108 malicious Google Chrome extensions that collectively amassed about 20,000 installs and reported to a single command-and-control server. Published under five publisher identities, the add-ons posed as games, Telegram sidebars, and enhancement tools while exfiltrating Google account data, hijacking Telegram Web sessions, opening arbitrary URLs, and injecting ads and scripts. Some source files contained Russian-language comments; attribution remains unconfirmed. Users should remove any identified extensions and log out of Telegram Web sessions immediately.

AI-Powered Pushpaganda Scam Hijacks Google Discover

🔔 Researchers uncovered 'Pushpaganda', an ad fraud campaign that uses search engine poisoning and AI-generated content to surface deceptive stories in Google Discover and trick Android and Chrome users into enabling persistent browser notifications. Once enabled, the alerts deliver scareware-style legal threats and redirect victims through actor-controlled domains that generate illicit ad revenue and funnel users to financial scams. HUMAN's findings link the operation to hundreds of domains and hundreds of millions of bid requests, and Google has deployed a fix.

Campaign of 108 Malicious Chrome Extensions Exposes Data

🚨 Research by Socket uncovered a coordinated campaign of 108 malicious Chrome extensions that affected about 20,000 users. Distributed across gaming, social media and translation categories, these extensions appear legitimate while quietly harvesting sensitive data, including Google profiles and active web sessions. Operators used a single command-and-control infrastructure and shared code, complicating detection and enabling a Malware-as-a-Service model.

AI Browser Extensions: An Overlooked Enterprise Risk

🔒 A new report from LayerX warns that AI browser extensions are an unmonitored consumption channel that bypasses DLP and SaaS logs, granting direct access to page content, inputs, cookies, and sessions. AI extensions are significantly more likely to contain CVEs and to request scripting, cookie, or tab-manipulation permissions, and they frequently expand privileges after installation. The report urges continuous extension inventories, behavior-based controls, and stricter trust criteria to reduce exposure without hindering productivity.

Block the Prompt, Not the Work: Securing Sessions Now

🔒 Enterprise security must stop reflexively blocking tools and start governing browser sessions. The article argues that legacy controls—kernel‑hooking agents, SSL inspection and URL blocks—create a "Workaround Economy" where users move sensitive data to unmanaged apps and extensions. It urges a shift to session‑level governance with prompt‑level DLP, extension risk scoring, and agentless clipboard/upload controls to enable productivity while reducing blind spots.

Five Browser and AI Security Questions for CxOs to Consider

🔒 Work has shifted into the browser, creating a broad visibility and control gap as employees access SaaS, collaborate with GenAI and interact across unmanaged devices. Legacy perimeter and endpoint tools cannot see last-mile actions such as sensitive uploads to unsanctioned models, malicious extensions, or agentic browser behaviors that reassemble malware in memory. Prisma Browser restores control with context-aware policies, embedded Enterprise DLP, continuous page inspection and governance for both human and agent activity, enabling safe AI use without blocking innovation.

Cloudflare Expands Client-Side Security to All Users

🔒 Cloudflare is making advanced client-side protections self-serve and offering domain-based threat intelligence free across all Client-Side Security customers. The Client-Side Security Advanced bundle brings machine learning and an LLM-backed second opinion to detect malicious JavaScript and drastically reduce false positives. It relies on browser reporting like CSP and requires only that traffic be proxied through Cloudflare, so there is zero latency impact to applications. These tools are intended to help organizations of all sizes detect skimming, supply-chain compromises, and sophisticated browser-side attacks.

Experts Warn of Browser Extensions Poaching AI Prompts

🛡️ Security researchers have warned of malicious Chrome extensions that silently monitor and exfiltrate users' AI chat content. According to Expel, extensions watch open tabs and capture prompts and responses via API interception or DOM scraping before sending the data to external servers. Attackers either impersonate popular tools or convert legitimate extensions into malicious ones after building a user base. Organisations are urged to block unvetted AI extensions and centrally manage and audit extension use.

Firefox Adds Built-In VPN with 50GB Monthly Limit, Free

🛡️ Firefox 149 introduces a free built-in VPN that provides signed-in users with up to 50 GB of browser-only monthly traffic via a secure proxy. The feature can be toggled globally or enabled on up to five specific sites to save data, while certain sites and services are excluded to avoid sign-in and reconnection issues. Mozilla says it will collect only limited technical and interaction data to monitor performance, and routing servers are U.S.-based. Rollout begins in the US, UK, Germany and France; the update also adds Split View and fixes 46 security vulnerabilities.

Five Ways Chrome Enterprise Strengthens Browser Security

🔒 Chrome Enterprise outlines five enhancements aimed at reinforcing browser security for organizations, addressing modern risks from session theft to malware-driven credential theft. Highlights include Device Bound Session Credentials to prevent session hijacking, cache encryption to protect data at rest, and App-bound encryption to block unauthorized apps from reading browser-stored secrets. Administrators also get tighter download controls and deeper integrations with partners such as Citrix and Okta to improve access decisions and incident response.

Prisma Browser for Business: Secure Workspace for SMBs

🔐 Prisma Browser for Business delivers a secure, browser-first workspace tailored to small businesses, combining enterprise-grade threat detection with a simplified admin experience. Built on Chromium and powered by Palo Alto Networks' Precision AI, it inspects webpages and extensions in real time to block AI-enabled phishing, browser-delivered malware, and risky extensions. The browser adds AI-aware controls to prevent sensitive data from being pasted into unauthorized GenAI tools and offers one-click SSO onboarding, preconfigured policies, and a 30-day no-contract trial.