7 articles tagged with "Browser Security"
New Storm infostealer bypasses Chrome's App-Bound Encryption by shipping encrypted credentials to attacker infrastructure for decryption. Endpoint tools can't detect it.
LayerX researchers found that custom font rendering can hide malicious prompts from ChatGPT, Claude, Gemini, and other AI assistants while displaying them to users.
CVE-2026-2441 is a high-severity CSS use-after-free in Chrome being exploited in the wild. Update to version 145.0.7632.75 immediately.
Mozilla patches six high-severity flaws in Firefox 147 and ESR releases. Multiple sandbox escape vulnerabilities could enable arbitrary code execution.
Five malicious extensions masquerading as HR tools steal authentication tokens, block security panels, and enable account takeover through cookie injection.
Two rogue browser extensions masquerading as AI tools exfiltrated complete conversation histories from ChatGPT and DeepSeek to attacker-controlled servers every 30 minutes.
CVE-2026-0628 allowed malicious extensions to inject scripts into privileged pages through insufficient policy enforcement. Update to Chrome 143.0.7499.192.