web security

Recently, a vulnerability identified as CVE-2024-5840 has been in the spotlight due to its implications for web security. This vulnerability, reported and assigned by Chrome, poses a significant risk by allowing a policy bypass in Cross-Origin Resource Sharing (CORS) mechanisms. For users of...

In the ever-evolving landscape of web security, vulnerabilities present significant risks to users and organizations alike. One such vulnerability, identified as CVE-2024-6776, represents a use after free bug associated with audio handling in Chromium. This report delineates the specifics...

In a recent development affecting web security, "CVE-2024-6779" has been identified as a critical vulnerability concerning Chromium's V8 JavaScript engine. This security flaw allows for out-of-bounds memory access, which could potentially be exploited by attackers to execute arbitrary code...

--- In July 2024, a critical vulnerability identified as CVE-2024-6992 was assigned specifically to the Chromium code base, which is at the core of several popular web browsers, including Microsoft Edge. The significance of this vulnerability extends not only to Chrome users but also to millions...

Hello.., I have seen many websites ask for accepting cookies. What is the purpose of the acceptance of the cookies what will be the impact if don't accept the cookies? Thanks in advance.

Starting with Microsoft Edge 92, users can preview the Automatic HTTPS feature, which automatically switch your connections to websites from HTTP to HTTPS. As you browse the web, you may notice that the Microsoft Edge address bar displays a “not secure” message for some sites, and a lock icon...

:cool: :p

Microsoft Inspire is a chance to connect with, and celebrate, our valued partners all around the world. Today, we are excited to announce that the FastTrack Ready Partner program is expanding to include the Link Removed. Learn more about the program—and additional Microsoft Edge news and...

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...

I was using the Steven Black Hosts File to block malware and Ads. But lately the DNS Client kept activating and using 30 - 50% of my CPU and blocking me from doing anything online. By googling the symptoms of my DNS Client getting stuck like that I found that it can be caused by too large of a...

Hello, When i log in sites Microsoft Edge he ask me if i want to save the user and password. If i answer "YES", everything OK. If i answer "NO" he never more ask me to save the password. This is a problem for me, because in future i would like to say "YES". How can i configure for every time i...

Malwarebytes has been a really terrific program for me for many years. Lately, it's been acting up and their tech support dept. has not been responsive to their customers. One of the posters on their site said they posted a need for help on Oct 8 and as of this morning -- Oct 13, have not...

I am writing to explain my issue that I installed ssl certificate, then I decided to delete the ssl certificate but after I deleted it I found that my site fails to signing in. The attached error is appear when I try to sign in by any user but the site still working normally if i use it without...

Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only...

With secure browsing in mind, I've been experimenting with various browsers that are advertised to offer good security in the Internet. I'm currently trying Yandex, which is Russian designed. Knowing how adept the Russians are, do you think I should have any concerns about their software, as far...

Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted...

:eek:

Most modern software have tools built in for detecting threats as we browse the web and download files, but typically, we do not get to see them in action. If you would like to see how your Microsoft Edge, Internet Explorer and Windows Defender reacts to these types of threats, then there are a...

Continue reading...

Severity Rating: Critical Revision Note: V1.0 (May 10, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...