Google to Fully Distrust WoSign/StartCom SSL Certs in Chrome 61

Websites that are still using digital certificates issued by Chinese Certificate Authority WoSign may want to accelerate their plans to replace those certs. Google last week said it will fully distrust remaining certificates issued by the CA starting with Chrome 61. Devon O’Brien of the Chrome...

Chrome Universal XSS using late widget updates (CVE-2017-5006)

VULNERABILITY DETAILS Among the things that Document::shutdown does, |view-dispose| is called: From /thirdparty/WebKit/Source/core/frame/FrameView.cpp: void FrameView::dispose ... // FIXME: Do we need to do something here for OOPI? HTMLFrameOwnerElement ownerElement = mframe-deprecatedLocalOwner;...

LocalTapiola: HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti

Basic report information Summary: HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti Description: Tonttutesti´s kutsu kaverisi feature sends email to friend with a link to Localtapiola´s tonttutesti site. Fields "Nimesi" and "Kaverisi nimi" seem to be vulnerable...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 56 to the stable channel - 56.0.2924.76 for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 56.0.2924.76 contains a number of fixes and improvements -- a list of changes is available in the log. Watch o...

Google Removing SHA-1 Support in Chrome 56

The home stretch for SHA-1 deprecation is in full effect with Google on Wednesday announcing its final deprecation deadlines for the Chrome browser, and a cryptographic services provider warning that there’s still a long way to go to get sites off SHA-1 certificates. Google said it will remove it...