Researchers Warn of Data Exposure Risks in Claude Chrome Extension

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers...

CVE-2024-43487

Windows Mark of the Web Security Feature Bypass Vulnerability...

SUSE CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

CVE-2023-23597 Logic bug in process allocation allowed to read arbitrary files

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

CVE-2023-23604 Creation of duplicate SystemPrincipal from less secure contexts

A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString. This could have lead to bypassing web security checks. This vulnerability affects Firefox 109...

Remote Code Execution(RCE)

firefox is vulnerable to Remote Code ExecutionRCE. A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString leading to web security bypass, which allows an attacker to upload and execute malicious code on the system under attac...