Firefox 100 and Chrome 100 may have user-agent issues

Mozilla developers have warned that sites may experience problems with the upcoming versions of Firefox 100 and Chrome 100 (released May 3 and March 29, 2022). The fact is that the release of new versions will mean that the user-agent values will become three-digit. The user-agent string contains information such as the name of the… Continue reading Firefox 100 and Chrome 100 may have user-agent issues

Google developers told how they will implement Manifest V3

This week, Google developers shared their plans to bring the infamous Manifest V3 to full functionality, which became available in the beta version of Chrome 88. Let me remind you that for the first time talks about Manifest V3 started in 2018. Then the developers of Google announced that they intend to limit the work… Continue reading Google developers told how they will implement Manifest V3

Google stopped trying to shorten URLs in the address bar

Google’s experiment with attempt to shorten URLs (hiding parts of the URL from the address bar) has finally failed and was finished. Let me remind you that in recent years, Chrome developers have returned to this topic more than once. For example, back in 2018, developers tried to make the browser interface simpler and more… Continue reading Google stopped trying to shorten URLs in the address bar

Chrome 90 gets new security feature to protect against attacks on Windows 10

Google has introduced a new Windows 10 security feature called Hardware-enforced Stack Protection in its Chrome 90 browser to protect the memory stack against cyberattacks. Microsoft introduced Hardware-enforced Stack Protection in March 2020. The feature is designed to defend against Return-Oriented Programming (ROP) attacks. To do this, Hardware-enforced Stack Protection uses processor hardware to protect… Continue reading Chrome 90 gets new security feature to protect against attacks on Windows 10

Google fixed another major vulnerability in the V8 engine

A series of feverish fixes for problems in Google Chrome continues, this time Google has fixed a major vulnerability related to the operation of the JavaScript engine V8 in the browser. The vulnerability that received an identificatory number CVE-2021-21227 and was assessed as having a high severity level. The vulnerability was reported by the researcher… Continue reading Google fixed another major vulnerability in the V8 engine

Chrome again frantically fixes 0-day vulnerabilities

Google has released a new version of Chrome for Windows, Mac and Linux, in which developers are patching two recently discovered 0-day vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220. The CVE-2021-21206 vulnerability was discovered in the V8 JavaScript engine and is related to the… Continue reading Chrome again frantically fixes 0-day vulnerabilities

Researcher discovered that Chrome Sync function can be used to steal data

Croatian researcher Bojan Zdrnja discovered a malicious Chrome extension abusing Chrome Sync. If you do not use Chrome, let me remind you that this function is applied to synchronize data between different user’s devices, and stores copies of all user bookmarks, browsing history, passwords, as well as browser settings and browser extensions on Google cloud… Continue reading Researcher discovered that Chrome Sync function can be used to steal data

Google says that a quarter of all 0-day vulnerabilities are new variations of old problems

Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches. The authors of the report write that many problems could have been avoided if the developers immediately corrected their products more thoroughly. In 2020,… Continue reading Google says that a quarter of all 0-day vulnerabilities are new variations of old problems

Chrome 87 Fixed NAT Slipstream Vulnerability and Disabled FTP Support

Google engineers introduced Chrome 87, in which was disabled FTP support. The new version of the browser is already available for users of Windows, Mac, Linux, Chrome OS, Android and iOS. The developers claim that Chrome has become more productive and “lighter”. So, due to the limitation of JavaScript timers and a number of other… Continue reading Chrome 87 Fixed NAT Slipstream Vulnerability and Disabled FTP Support

Google engineers fixed Chrome 0-day vulnerability that was already under attacks

Google engineers have released an updated version of Google Chrome (86.0.4240.111) and warn that they have fixed in browser 0-day vulnerability that has been already under active attacks. The error was discovered internally by Google Project Zero. It is identified as CVE-2020-15999 and is associated with the FreeType font rendering library included with standard Chrome… Continue reading Google engineers fixed Chrome 0-day vulnerability that was already under attacks