Stay secure online with the latest web browser security news, tips, and updates. Protect your data and privacy with our expert insights.
Search across headline titles and summaries.
Background for this topic.
Web Browser is a software application that enables users to access, retrieve, and view content on the World Wide Web, including webpages, images, videos, and other types of data. When it relates to information security, the context centers around how web browsers are used as a vector for various cyber threats and attacks, as well as the security measures taken to protect users from harm.
Browsers often handle sensitive data such as personal information, login credentials, and financial details. They must, therefore, be equipped with robust security features like sandboxing, secure protocols (HTTPS), and regular updates to address vulnerabilities. Furthermore, the security extensions and privacy settings within browsers help in enhancing user security against tracking, phishing, and malware. Information security within web browsers also encompasses practices like secure browsing habits, the importance of not storing passwords within the browser, or ensuring that private browsing modes are used when necessary. Therefore, managing and mitigating risks related to web browsers is a critical aspect of maintaining overall cybersecurity posture.
Weekly headline count for the current query.
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." [...]
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla
Web browser companies have put in substantial effort over the last three decades to strengthen the browser security stack to withstand abuses. Agentic browsers are undoing all that work.
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. [...]
AI Firm Discovers New Prompt Injection Attack ClassOpenAI faces a years-long battle to secure its ChatGPT Atlas web browser against prompt injection attacks, a threat the company says will require continuous defense strengthening much like the arms race against online scams targeting humans.
Study finds built-in browsers across gadgets often ship years out of date Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities.…
Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware.
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week
Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser
Researchers at BlackFrog have uncovered Matrix Push C2, a malicious command-and-control system that abuses web browser push notifications to deliver malware
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.
Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption
Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. [...]
Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. [...]
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code