12 matches found
Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes
Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...
Google to Ditch Public Key Pinning in Chrome
Google said that in an upcoming version of Chrome it will deprecate the browser’s support for HTTP public key pinning. Instead, it will adopt the “safer” more flexible solution of Expect-CT headers. HTTP public key pinning (HPKP) is a browser security measure that protects against an SSL certificat...
SSL/TLS: Check for `max-age` Attribute in HPKP Header
The remote web server is using a too low value within the...
SSL/TLS: HTTP Public Key Pinning (HPKP) Detection
Checks if the remote web server has HTTP Public Key Pinning (HPKP) enabled. Note: Most major browsers have dropped / deprecated support for this header in 2020.
SSL/TLS: HTTP Public Key Pinning (HPKP) Missing
The remote web server is not enforcing HTTP Public Key Pinning (HPKP). Note: Most major browsers have dropped / deprecated support for this header in 2020.
SSL/TLS: `includeSubDomains` Missing in HPKP Header
The remote web server is missing the...
Mozilla Patching Firefox Certificate Pinning Vulnerability
Mozilla is expected tomorrow to patch a critical vulnerability in Firefox’s automated update process for extensions that should put the wraps on a confusing set of twists surrounding this bug. The flaw also affected the Tor Browser and was patched Friday by the Tor Project. The vulnerability firs...
Google Chrome browsing_data_remover.cc Spoofing Vulnerability
Google Chrome is a web browsing tool developed by Google. In Google Chrome versions prior to 51.0.2704.63, browser/browsing_data/browsing_data_remover.cc removes HPKP during cache cleanup, creating a spoofing vulnerability that remote attackers can exploit to spoof websites...
chromium-browser: hpkp pins removed on cache clearance
browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2015:0077-2)
MozillaFirefox was updated to version 35.0 (bnc#910669) Notable features : - Firefox Hello with new rooms-based conversations model - Implemented HTTP Public Key Pinning Extension for enhanced authentication of encrypted connections Security fixes : - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635...
Security update for MozillaFirefox (important)
MozillaFirefox was updated to version 35.0 (bnc#910669) Notable features: Firefox Hello with new rooms-based conversations model Implemented HTTP Public Key Pinning Extension for enhanced authentication of encrypted connections Security fixes: MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous...
Security update for MozillaFirefox (important)
MozillaFirefox was updated to version 35.0 (bnc#910669) Notable features: Firefox Hello with new rooms-based conversations model Implemented HTTP Public Key Pinning Extension for enhanced authentication of encrypted connections Security fixes: MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous...