EUVD-2019-3413

Malware in sbrugna...

Chrome Limits Websites' Direct Access to Private Networks for Security Reasons

Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases...

CVE-2019-11743

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history throu...

CSP 1.0 Added to Firefox to Block XSS Attacks

After years of discussion and waiting, Mozilla has finally added Content Security Policy 1.0, a defense against some common attacks such as XSS, to its Firefox browser. CSP already has been implemented in Google Chrome and Internet Explorer and there was a limited implementation of it in Firefox...

Senate Committee to Discuss Do Not Track at Key Hearing

The dram surrounding the Do Not Track specification and its implementation by browser manufacturers is set to continue on Thursday when the Senate Commerce Committee will hold a hearing to discuss whether the proposed specification is strong enough or has been weakened by the digital advertising...