The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: web browser

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
May 05, 2020Ravie Lakshmanan
If you own a Xiaomi smartphone or have installed the Mi browser app on any of your other brand Android device, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities. The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro (v12.1.4) and Mint Browser (v3.4.3) after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers. The new privacy setting now allows Mi Browser users to disable aggregated data collection feature while in Incognito Mode, but it bears noting that it's not enabled by default. The option can be accessed by tapping the settings icon in the browser > Incognito mode settings > and then disable 'Enhanced incognito mode,' as shown in an attached screenshot below. Mint Browser and Mi Browser Pro have been downloaded more than 15 million times from Google Play to date. The devel

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
February 25, 2020Mohit Kumar
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,

Microsoft Releases First Preview Builds of Chromium-based Edge Browser

Microsoft Releases First Preview Builds of Chromium-based Edge Browser
April 08, 2019Mohit Kumar
Microsoft today finally released the first new reborn version of its Edge browser that the company rebuilds from scratch using Chromium engine, the same open-source web rendering engine that powers Google's Chrome browser. However, the Chromium-based Edge browser builds haven't yet entered the stable or even the beta release; instead, Microsoft has released two testing-purpose preview builds for developers. Both previews build— "Canary"  that will be updated daily, and "Developer"  that will be updated every week—are now available for download from the Microsoft's new Edge insider website . Here's how Microsoft differentiates Canary and Developer builds: "Every night, we produce a build of Microsoft Edge — if it passes automated testing, we'll release it to the Canary channel. We use this same channel internally to validate bug fixes and test brand new features. The Canary channel is truly the bleeding edge, so you may discover bugs

Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs

Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs
January 23, 2018Mohit Kumar
A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers' computers. Played every month by half a billion users—World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment . To play Blizzard games online using web browsers, users need to install a game client application, called ' Blizzard Update Agent ,' onto their systems that run JSON-RPC server over HTTP protocol on port 1120, and " accepts commands to install, uninstall, change settings, update and other maintenance related options. " Google's Project Zero team researcher Tavis Ormandy discovered that the Blizzard Update Agent is vulnerable to a hacking technique called the " DNS Rebinding " attack that allows any website to act as a bridge between the external server and your localhost. Just last week, Ormandy revealed a simi

Google to Block Third-Party Software from Injecting Code into Chrome Browser

Google to Block Third-Party Software from Injecting Code into Chrome Browser
November 30, 2017Swati Khandelwal
To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly. However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it's really annoying. But don't you worry. Google now has a solution to this issue. In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps: April 2018 — With the release of Chrome 66, Google will begin informing use

Firefox 57 "Quantum" Released – 2x Faster Web Browser

Firefox 57 "Quantum" Released – 2x Faster Web Browser
November 14, 2017Mohit Kumar
It is time to give Firefox another chance. The Mozilla Foundation today announced the release of its much awaited Firefox 57 , aka Quantum web browser for Windows, Mac, and Linux, which claims to defeat Google's Chrome. It is fast. Really fast. Firefox 57 is based on an entirely revamped design and overhauled core that includes a brand new next-generation CSS engine written in Mozilla's Rust programming language, called Stylo. Firefox 57 "Quantum" is the first web browser to utilize the power of multicore processors and offers 2x times faster browsing experience while consuming 30 percent less memory than Google Chrome. Besides fast performance, Firefox Quantum, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," also brings massive performance improvements with tab prioritization, and significant visual changes with a completely redesigned user interface (UI), called Photon . This new version also adds in support for AMD V

Microsoft Engineer Installs Google Chrome Mid-Presentation After Edge Kept Crashing

Microsoft Engineer Installs Google Chrome Mid-Presentation After Edge Kept Crashing
November 01, 2017Wang Wei
Ever since the launch of Windows 10, Microsoft has been heavily pushing its Edge browser, claiming it to be the best web browser over its competitors like Mozilla Firefox, Opera and Google Chrome in terms of speed and battery performance. However, Microsoft must admit that most users make use of Edge or Internet Explorer only to download Chrome, which is by far the world's most popular internet browser. Something hilarious happened recently during a live demonstration when a Microsoft engineer caught on a video switching from Edge to Chrome after the default Windows 10 browser stopped responding in the middle of the presentation. That is really embarrassing. The incident happened in the middle of a Microsoft Ignite conference, where the Microsoft presenter Michael Leworthy was demonstrating how to one can migrate their applications and data to Microsoft Azure cloud service. See what happens in the video below: However, Leworthy was forced to pause his Azure presenta

Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication

Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication
May 30, 2017Swati Khandelwal
What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn't it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google's Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on. AOL developer Ran Bar-Zik reported the vulnerability to Google on April 10, 2017, but the tech giant declined to consider this vulnerability a valid security issue, which means that there is no official patch on the way. How Browsers Works With Camera & Microphone Before jumping onto vulnerability details, you first need to know that web browser based audio-video communication relies on WebRTC (Web Real-Time Communications) protocol – a collection of communications protocols th

US Senate Just Voted to Let ISPs Sell Your Web Browsing Data Without Permission

US Senate Just Voted to Let ISPs Sell Your Web Browsing Data Without Permission
March 24, 2017Mohit Kumar
The ISPs can now sell certain sensitive data like your browsing history without permission, thanks to the US Senate. The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communication Commission (FCC) last year when it was under Democratic leadership. In October, the Federal Communications Commission ruled that ISPs would need to get consumers' explicit consent before being allowed to sell their web browsing data to the advertisers or other big data companies. Before the new rules could take effect on March 2, the President Trump's newly appointed FCC chairman Ajit Pai temporarily put a hold on these new privacy rules. Ajit Pai argued that the rules, which are regulated by FTC, unfairly favored companies like Google, Twitter, and Facebook, who have the ability to collect more data than ISPs and thus dominate digital advertising. "All actors in the online

Beware! Don't Fall For "Font Wasn't Found" Google Chrome Malware Scam

Beware! Don't Fall For "Font Wasn't Found" Google Chrome Malware Scam
February 22, 2017Mohit Kumar
Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack… …Just Don't Download and Install It. It's a Trap! Scammers and hackers are targeting Google Chrome users with this new hacking scam that's incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems. Here's What the Scam is and How it works: It's a "The 'HoeflerText' font wasn't found" scam. Security firm NeoSmart Technologies recently identified the malicious campaign while browsing an unnamed WordPress website that had allegedly already been compromised, possibly due to failing to apply timely security updates. The scam is not a new one to identified by NeoSmart. It has been making rounds since last month . The hackers are inserting JavaScript into poorl

Websites Can Now Track You Online Across Multiple Web Browsers

Websites Can Now Track You Online Across Multiple Web Browsers
February 15, 2017Swati Khandelwal
You might be aware of websites, banks, retailers, and advertisers tracking your online activities using different Web "fingerprinting" techniques even in incognito/private mode, but now sites can track you anywhere online — even if you switch browsers. A team of researchers has recently developed a cross-browser fingerprinting technique — the first reliable technique to accurately track users across multiple browsers based on information like extensions, plugins, time zone and whether or not an ad blocker is installed. Previous fingerprinting methods usually only work across a single browser, but the new method uses operating system and hardware level features and works across multiple browsers. This new fingerprinting technique ties digital fingerprint left behind by a Firefox browser to the fingerprint from a Chrome browser or Windows Edge running on the same device. This makes the method particularly useful to advertisers, enabling them to continue serving tar

Opera Browser Sync Service Hacked; Users' Data and Saved Passwords Compromised

Opera Browser Sync Service Hacked; Users' Data and Saved Passwords Compromised
August 27, 2016Mohit Kumar
Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week. Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser. So, if you've been using Opera's Cloud Sync service , which allows users to synchronize their browser data and settings across multiple platforms, you may have hacked your passwords, login names, and other sensitive data. Opera confirmed its server breach on Friday, saying the "attack was quickly blocked" but that it "believe some data, including some of [their] sync users' passwords and account information, such as login names, may have been compromised." Opera has around 350 Million users across its range products, but around 1.7 Million users using its Sync service had both their synchronized passwords as well as their authentication passwords leaked in the hack. Since the company has already reset pas

Opera Browser Now Offers Free and Unlimited Built-in VPN Service

Opera Browser Now Offers Free and Unlimited Built-in VPN Service
April 21, 2016Swati Khandelwal
In Brief Opera becomes the first web browser to offer a built-in Free, unlimited and 256-bit encrypted VPN service for everyone. Opera's Free VPN protects unencrypted browser session from leaking on public WiFi networks and will also let unblock firewalls to improve privacy and security. Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks. Opera has released an updated desktop version of its web browser with a Free built-in VPN service to keep you safe on the Internet with just a click. That's a great deal! For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. Free VPN Service with Unlimited Data Usage Unlike several other free VPN services,

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

Google makes it mandatory for Chrome Apps to tell Users what Data they collect
April 19, 2016Mohit Kumar
In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We

Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features

Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features
February 03, 2016Unknown
Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to " Chromodo " -- a free browser offered by Comodo Antivirus. If your head nod is " Yes ," then you could be at risk! Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as 'Private Internet Browser' for better security and privacy, automatically overrides system settings to set itself as your 'Default Browser.' And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has 'Same Origin Policy' (SOP) disabled by default. Google's security researcher Tavis Ormandy , recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy. Orm

AdBlock Extension has been Sold to an 'Unknown Buyer'

AdBlock Extension has been Sold to an 'Unknown Buyer'
October 03, 2015Mohit Kumar
Shocking! Adblock Extension that blocks annoying online advertising has been sold... ...And more shocking, the most popular " Adblock Extension ", with more than 40 million users, quietly sold their creation to an unknown buyer ... ' Michael Gundlach ', the creator widely used Adblock Extension refuses to disclose the name, who purchased his company and how much it was sold for, just because buyer wishes to remain anonymous. After watching a popup message (as shown) on their browsers this week, the Adblock users are literally going crazy. " I am selling my company, and the buyer is turning on Acceptable Ads, " Gundlach said. Holy Sh*t! NSA Buys Adblock? The ' Anonymous buyer ' conspiracy has caused concern for Adblock users and they have raised number of questions on social media sites, such as: Should I trust AdBlock Extension anymore? Who owns the Software I have installed? Is it NSA? Also, reportedly, Michael Gun

How to Fix Chrome Massive Memory Usage? Simply Try 'Chrome 45' for Faster Performance

How to Fix Chrome Massive Memory Usage? Simply Try 'Chrome 45' for Faster Performance
September 04, 2015Swati Khandelwal
Rejoice Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory eater browsers in the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with it because it uses too much memory and power. Google has now solved these problems. The most recent release of Chrome ( Chrome 45 ) is intended to make your browsing experience faster and more efficient. Google launched Chrome 45 for Windows, Mac, Linux, and Android two days ago, but the company announced in an official blog post Friday that the new version includes several new updates that focus on making the browser load faster and use less memory. Also Read:  I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here's My Secret Chrome 45 Uses 10% Less RAM A major issue reported by Chrome users was the browser's consumption of PC mem

Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon

Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon
December 30, 2014Swati Khandelwal
Bad News for Internet Explorer fans, if any! Microsoft's almost 20 years old Web browser with a big blue E sign might soon be a thing of the past. With the arrival of Windows 10 , probably by next fall, Microsoft could come up with its brand new browser that's more similar to Mozilla's Firefox and Google's Chrome, but less like Internet Explorer (IE), according to a recent report published by ZDNet. "Ok so Microsoft is about to launch a new browser that's not Internet Explorer and will be the default browser in Windows 10," tweeted Thomas Nigro, a Microsoft Student Partner lead and developer of the modern version of VLC. The browser, codenamed " Spartan ," is a " light-weight " browser with extension support, and multiple sources confirm that this new browser isn't IE12. Instead, Spartan is an entirely new browser that will use Microsoft's Chakra JavaScript engine and Trident rendering engine (as opposed to WebKit

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard
October 15, 2014Wang Wei
Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer ( SSL ) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer. Researchers dubbed the attack as " POODLE ," stands for Padding Oracle On Downgraded Legacy Encryption , which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to "fallback" to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords. Three Google security engineers - Bodo Möll

Thousands of Mozilla Developers Emails and Password Exposed Accidentally

Thousands of Mozilla Developers Emails and Password Exposed Accidentally
August 04, 2014Swati Khandelwal
Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000 "salted" passwords were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. The database glitch caused due to a data " sanitization " process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit's web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post . " As soon as we learned of it, the database dump file was removed from the server immediately, and the process that ge
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.