Chrome Web Browser | Breaking Cybersecurity News | The Hacker News

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox,  said . In keeping this in mind, the internet and ad tech giant said it's taking a "deliberate approach" and  extending the testing window  for its ongoing Privacy Sandbox initiatives prior to phasing out third-party cookies. Cookies are pieces of data planted on a user's computer or other device by the web browser as a website is accessed, with third-party cookies fueling much of the digital advertising ecosystem and its ability to track users across different sites to show targeted ads. Privacy Sandbox is Google's umbrella term for a set of technologies ...

If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules since Chrome 73. Tracked as CVE-2020-6519 (rated 6.5 on the CVSS scale), the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites. According to PerimeterX, some of the most popular websites, including Facebook, Wells Fargo, Zoom, Gmail, WhatsApp, Investopedia, ESPN, Roblox, Indeed, TikTok, Instagram, Blogger, and Quora, were susceptible to the CSP bypass. Interestingly, it appears that the same flaw was also highlighted by Tencent Security Xuanwu Lab more than a year ago, just a month after the release of Chrome 73 in March 2019, but...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

After enabling ' Site Isolation ' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in different sandboxed processes in the browser. Since each site in the browser gets its own isolated process, in case of a browser flaw or Spectre like side-channel vulnerability, the feature makes it harder for attackers or malicious websites to access or steal cross-site data of your accounts on other websites. Site Isolation helps protect many types of sensitive data, including authentication cookies, stored passwords, network data, stored permissions, as well as cross-origin messaging that help sites securely pass messages across domains. The feature gained attention in January 2018, ...

Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as ' Magellan ' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications. SQLite is a lightweight, widely used disk-based relational database management system that requires minimal support from operating systems or external libraries, and hence compatible with almost every device, platform, and programming language. SQLite is the most widely deployed database engine in the world today, which is being used by millions of applications with literally billions of deployments, including IoT devices, macOS and Windows apps, including major web browsers, such as Adobe software, Skype and more. Since Chromium-based web browsers—including Google Chrome, Opera, Vivaldi, and...

It is no secret how miserably Microsoft's 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements. According to the latest round of tech rumors, Microsoft has given up on Edge and reportedly building a new Chromium -based web browser, dubbed project codename " Anaheim " internally, that will replace Edge on Windows 10 operating system as its new default browser, a journalist at WindowsCentral learned. Though there is no mention of Project Anaheim on the Microsoft website as of now (except Anaheim Convention Center at California), many speculate that the new built-in browser could appear in the 19H1 development cycle of Microsoft's Insider Preview program. According to the report, the new browser will be powered by Blink rendering engine used by Chromium, one that also powers Google's Chrome browser, instead of Microsoft's own EdgeHTML engine. Chromium is an open-source Web b...