browser security

As organizations pick up pace after the summer, cybersecurity teams face a compacted calendar of risk: Microsoft’s Windows 10 end-of-life, new behavior in Windows 11 and OneDrive, increasingly sophisticated browser threats, an emerging privacy storm around activity-capture features, and...

Google’s September stable update for Chrome closed a notable Use‑After‑Free (UAF) in the Dawn WebGPU implementation — tracked as CVE‑2025‑10500 — alongside several other high‑severity graphics and engine fixes; Windows users and administrators running Microsoft Edge (Chromium‑based) should treat...

Google pushed an emergency Chrome update to address CVE-2025-10585, a type confusion vulnerability in the V8 JavaScript engine that Google says is being actively exploited in the wild — and because Microsoft Edge is Chromium-based, Windows users and enterprises must confirm their Edge builds...

Google released an emergency Chrome stable update that fixes a use‑after‑free (UAF) vulnerability in the WebRTC component tracked as CVE‑2025‑10501, and Microsoft Edge (Chromium‑based) customers should treat the issue as relevant until Microsoft ships the Chromium ingestion for Edge. Background...

Google has quietly turned the Chrome toolbar into a direct gateway for Gemini — rolling out what the company calls the “biggest upgrade in its history,” a sweeping set of AI features that embed Gemini natively into the browser, surface an AI Mode in the address bar, and promise future “agentic”...

Windows 11’s taskbar just gained a one‑click “Perform speed test” control — but instead of spinning up a native diagnostic engine, the button opens your default browser and lands on Bing’s internet speed test (the same Speedtest technology Ookla powers in Bing). Background Microsoft has been...

Microsoft’s security advisory around a freshly disclosed browser bug highlights a repeat problem for mobile users: an insufficient UI warning in Microsoft Edge (Chromium-based) for Android that enables spoofing over a network. The vendor entry you provided points to a CVE record that the...

Microsoft is quietly testing a small but notable convenience feature in Windows 11: a one‑click internet speed test shortcut embedded directly in the network flyout and taskbar context menu — a shortcut that, for now, simply launches Bing’s online speed‑test widget rather than running a native...

Mozilla has added a way to turn off its new AI features — but only for IT administrators, not ordinary users, leaving privacy‑minded consumers stuck with an awkward manual workaround or buried about:config toggles to fully opt out. Background Firefox has been steadily adding on‑device and...

Chromium developers have closed a high‑severity upstream bug — tracked as CVE‑2025‑10201 — that the Chromium project describes as an “inappropriate implementation in Mojo” which could be abused, via a crafted HTML page, to bypass Chrome’s site‑isolation protections on Android, Linux and...

A newly assigned Chromium vulnerability, CVE-2025-10200, is a use‑after‑free flaw in the ServiceWorker implementation that Google patched in its September stable updates; the bug allows a remote attacker, by luring a user to a crafted page, to trigger heap corruption and potentially achieve...

Google’s Chrome is quietly treating copy-and-paste as a first‑class privacy risk: Canary builds now show Safety Check automatically removing clipboard permissions from sites you haven’t visited recently, surface a clear “Removed permissions for [x] sites” notice in the menu, and give users a...

Mozilla has quietly pushed the Firefox 115 Extended Support Release (ESR) safety net forward again: security updates for Firefox 115 on legacy desktops — specifically Windows 7, Windows 8, Windows 8.1 and older macOS builds — will continue through March 2026, with Mozilla planning a formal...

Chrome’s September security update closes a high-severity use-after-free vulnerability in the V8 JavaScript engine — tracked as CVE-2025-9864 — that could allow an attacker to corrupt memory and potentially achieve remote code execution through a crafted web page, and administrators of...

Google's Chromium project has logged a serious security issue — tracked as CVE-2025-9866 — describing an inappropriate implementation in Extensions that can be weaponized to bypass Content Security Policy (CSP) via a crafted HTML page; Google has issued a Chrome stable update to remediate the...

Google's Chromium team has fixed a medium-severity UI spoofing flaw—tracked as CVE-2025-9865—that existed in the browser's Toolbar implementation and could allow domain spoofing on Android when a user performed specific UI gestures on crafted pages. Background Chromium's September 2025 security...

Google and the Chromium project have patched CVE-2025-9867, a medium-severity inappropriate implementation bug in the Downloads component that can be abused for UI spoofing on Chrome for Android, and users should update their mobile and desktop Chromium-based browsers immediately to eliminate...

Palo Alto Networks has pushed a clear marker in the SASE arms race with the launch of Prisma SASE 4.0, a major platform refresh that explicitly frames the next phase of enterprise security as AI versus AI — protecting organizations not only from AI-augmented attackers, but from the uncontrolled...

Mozilla’s decision to keep Firefox 115 ESR alive for older machines is the latest twist in a multi-stage, pragmatic approach to supporting users who remain on end-of-life operating systems — the Extended Support Release for Firefox 115 will now be maintained for Windows 7, Windows 8/8.1 and...

Google’s quiet change to Chrome’s security documentation — adding an explicit AI Features section to the Chrome Security FAQ — is a small, technical edit with outsized implications for how browser vendors will treat generative AI moving forward. The new guidance makes a clear, pragmatic...