browser security

CISA’s April 1 update is a reminder that the Known Exploited Vulnerabilities Catalog remains one of the most operationally important signals in federal cybersecurity. The agency says it has added CVE-2026-5281, described as a Google Dawn use-after-free vulnerability, based on evidence of active...

AI chatbots with built-in browsers are no longer a novelty feature tucked away in a product demo. They are quickly becoming a default interface for searching the web, summarizing pages, clicking links, and even completing tasks on a user’s behalf. That convenience comes with a quietly expanding...

CISA’s addition of two browser-related flaws to the Known Exploited Vulnerabilities (KEV) Catalog on March 13, 2026 — tracked as CVE‑2026‑3909 (an out‑of‑bounds write in Skia) and CVE‑2026‑3910 (an unspecified but actively exploited flaw in Chromium’s V8 engine) — is a blunt operational signal...

Google appears to be building a way to switch off the browser’s WebGPU engine on devices running Android 16 as part of the operating system’s new Advanced Protection Mode, a move that signals both the maturing importance of GPU-accelerated web APIs and the continued security headaches they can...

If you’ve been thinking “I’ll try these new AI helpers later,” you’re not alone — they don’t wait. Over the past year major platforms have started embedding generative‑AI features directly into search, browsers, email, productivity apps, and even system shells. That convenience comes with real...

A convincing fake Google Account security page is being used as the front end for a surprisingly sophisticated browser-based surveillance toolkit that can convert an installed Progressive Web App (PWA) into a persistent command-and-control (C2) channel, steal one-time passcodes and clipboard...

Mozilla’s support path for users running pre–Windows 10 desktops has reached a clear milestone: Firefox 115 ESR will be the last maintained Firefox build for Windows 7, Windows 8 and Windows 8.1, and Mozilla’s support documentation now states that security updates for those legacy installations...

Mozilla will stop delivering security updates for Firefox on Windows 7, Windows 8, and Windows 8.1 as the maintenance window for the Firefox 115 Extended Support Release (ESR) closes at the end of February / early March 2026, leaving those legacy Windows installs without any mainstream, actively...

Google’s disclosure of CVE-2026-1861 — a heap buffer overflow in libvpx — is small, but it matters: the bug was fixed in Chrome’s Stable channel (build 144.0.7559.132) and appears in multiple vendor tracking feeds, and Microsoft has listed the CVE in its Security Update Guide to document the...

Mozilla is giving users an unmistakable way to tell the AI revolution to stay out of their browser: starting with Firefox 148, rolling out February 24, 2026, the desktop browser will include a dedicated AI Controls panel with a single “Block AI enhancements” master toggle that disables current...

Mozilla has given users a one-click way to tell the AI revolution to stay out of their browser: starting with Firefox 148, rolling out February 24, the desktop browser adds an AI Controls panel with a single “Block AI enhancements” master switch that disables current and future generative AI...

Microsoft Edge’s latest Stable update finally hands users a simple, supported way to remove the Copilot toolbar icon — but that small win sits inside a much larger, messy landscape of WebGL backend changes, new enterprise controls, and ongoing questions about how Microsoft is reshaping Edge...

Mozilla’s announcement that “Firefox will continue to support Windows 10 for the foreseeable future” changes the security calculus for millions of PCs — but it does not erase the risks introduced by Microsoft’s end of free OS servicing, and treating this as anything other than a stopgap would be...

The coming year will not be quiet for end‑user IT: agentic AI, baked‑in browser intelligence, and new classes of endpoint controls will reshape how knowledge workers interact with applications, how IT governs data, and where security investments land. Background The desktop as a passive...

Microsoft has quietly turned up the pressure on Windows users who try to install a competing browser: when you open Google Chrome’s download page in Microsoft Edge, some Windows installations now display a native banner that reframes the decision as an online-safety choice rather than a simple...

Microsoft’s new Edge banner that appears when users visit Google’s Chrome download page is the latest, highly visible escalation in a long-running tug-of-war over browser choice on Windows — and it crystallizes a wider strategic problem: Microsoft is trying to win users back with safety...

Puffin’s claim — that web pages can be rendered in the cloud and delivered to your PC faster, safer, and with far less bandwidth — is the central promise behind Puffin Browser for desktop. The pitch is simple: move the heavy lifting off the local machine, use remote Blink engines to process...

Microsoft is rolling out a hardline browser security change for Microsoft Entra ID sign-ins that will block most externally injected scripts on pages that start with login.microsoftonline.com, enforcing a Content Security Policy (CSP) designed to stop script-injection and cross-site scripting...

Microsoft’s security database lists a reportable entry for a Microsoft Edge (Chromium‑based) remote code execution concern under the label CVE‑2025‑60711, but authoritative public technical details for that specific identifier are currently scarce or not published in vendor pages accessible...

Chyron’s Toolbox 4 represents a pragmatic, production‑focused refresh aimed at closing the gap between everyday PC/web content and live broadcast workflows by adding SDI/NDI capture, Windows 11 compatibility, full HD output, and a more flexible content‑grabber toolset that producers can...