Blog

 Total Cookie Protection is a privacy feature that has been introduced by Mozilla over the past few years into different Firefox settings. As of this week, Total Cookie Protection has been rolled out globally to all desktop Firefox users as a default feature. This new update ensures users of Firefox on Windows, Mac, and Linux,Read more

Google has issued a new version of the Chrome browser to resolve a number of serious security issues.  Several vulnerabilities have been discovered and fixed in the latest release of Google Chrome, including one rated as Critical which could allow arbitrary code execution on the victim’s system. CVE-2022-1853 is a use after free vulnerability inRead more

Google has released a patch for a zero day exploit in Google Chrome – the second zero day patched so far this year. Tracked as CVE-2022-1096, this High severity Type Confusion vulnerability was reported on 23rd March and a patch was released just 48 hours later.  Google is aware that an exploit exists in theRead more

Starting in March 2022, Google Chrome will start supporting the new Private Network Access standard which will help protect local network devices from malicious internet traffic. Private Network Access, or PNA, will prevent malicious websites from using the victim’s browser as a proxy to relay cross-site request forgery attempts to devices on the user’s localRead more

Google is rolling out a new version of their Chrome web browser that fixes a remote code execution vulnerability that is under attack in the wild – the seventh zero day in Chrome so far this year. The new version of Chrome (91.0.4472.114) on Linux, Windows, and Mac resolves four high severity vulnerabilities including CVE-2021-30554Read more

Firefox has rolled out a new Site Isolation feature that greatly improves the security of the web browser by isolating every domain visited into a separate process.  This provides protection against Meltdown and Spectre style attacks and cross site attacks that attempt to thwart the Same-Origin policy. Known internally as Project Fission, this significant developmentRead more

At the start of 2018 details were first published of the theoretical Spectre attack which exploits flaws in the design of modern CPU to allow data to be stolen from memory.  Now Google has published a working proof-of-concept. Spectre is the name given to a number of attacks that are variations on a theme –Read more

Web browsers are adding more TCP ports to their block lists in an attempt to prevent exploitation of NAT Slipstream attacks. NAT Slipstreaming is an attack which tricks the NAT router into allowing external traffic through the NAT firewall to target any internal network device by abusing protocols such as SIP or H.323 where thisRead more

Google has issued an urgent update for Chrome which patches a zero-day vulnerability under active exploitation. The Chrome team took just one day from report of the vulnerability to issuing the patch, such is the danger posed by this flaw. The patch is included in Chrome version v86.0.4240.111 (CVE-2020-15999) – any older versions should beRead more

Mozilla and Google have confirmed they will be aligning with Apple and their browsers will reject any web server certificate issued after 1st September which is valid for more than a year. Apple announced the move to only support 1 year certificates back in February and now Mozilla and Google (and thus all the ChromiumRead more