June 2022 Patch Tuesday wrapped up a few loose ends we were waiting on. The Follina remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) was...
A recently patched security hole in Chromium browsers allowed attackers to bypass safeguards against ‘dangling markup injection’, an attack that extracts sensitive information from webpages. While dangling markup...
May 2022 Patch Tuesday provided the final releases for several Windows 10 operating systems and this month we’ll see the final update for Internet Explorer 11. But...
Web developers who rely on a workaround that relaxed the same origin policy to allow subdomains to exchange content will soon need to take a different...
A “crazy” parser bug potentially leading to XSS exploits has been patched by Chromium developers. The vulnerability was reported in July 2021 to Chromium developers by...
February 2022 Patch Tuesday was an anomaly. Not only did we see record low numbers of vulnerabilities addressed across all of Microsoft’s operating systems, but we also...
Chrome is deprecating direct access to private network endpoints from public websites in order to protect users from cross-site request forgery (CSRF) attacks. Part two of the browser’s...
A set of features meant to speed up web page loading in Chrome contained a bug that allowed attackers to bypass the browser’s Site Isolation feature, a security...
A fixed bug in Chrome allowed attackers to read and write local files and install malicious scripts on devices running the browser’s headless interface, researchers at...
The Chromium team has patched a universal cross-site scripting (uXSS) vulnerability that allowed attackers to run arbitrary JavaScript code on Chrome’s ‘New Tab’ page (NTP). According to a...