4 matches found
Characterizing Phishing Pages by JavaScript Capabilities
In 2024, the Anti-Phishing Work Group identified over one million phishing pages. Phishers achieve this scale by using phishing kits -- ready-to-deploy phishing websites -- to rapidly deploy phishing campaigns with specific data exfiltration, evasion, or mimicry techniques. In contrast, researche...
Microsoft Edge: Chakra: JIT: CallRegExSymbolFunction doesn't check the return type
The "CallRegExSymbolFunction" method is used to call symbol functions in regexp objects. But it doesn't check the return value's type. Since the user can define the symbol functions, it can break the JIT compiler's type assumptions. Tested Microsoft Edge 41.16299.15.0 with Experimental JavaScript...
Stable Channel Update
The Chrome Team is excited to announce the promotion of Chrome 35 to the Stable channel for Windows, Mac, and Linux. Chrome 35.0.1916.114 contains a number of fixes and improvements, including: More developer control over touch input New JavaScript features Unprefixed Shadow DOM A number of new...
Two Unpublished IE Cases
I'd like to publish two IE cases that I know about. Although it's too late. These two cases have already been patched. Just want to get them on the record here. Many complained that IE7's new features roadblocked hacking into this app. Well, those features are like any other Microsoft's public...