web browser | Breaking Cybersecurity News | The Hacker News

Just like other Web Browsers, The Google Chrome also offers a password manager feature that can save your logins and basic information for automatic form-filling. The Google Chrome browser stores all your passwords in the plain text format and is available for access by opening the following URL in your Chrome browser – " chrome : //settings/passwords ". Unlike Firefox , till now Google Chrome was not offering any Master Protection. Finally Google has implemented a Master Password protection on Chrome password manager in Windows and Mac. Now you have to enter your Windows account password to reveal the saved passwords. The protection will be lifted for a minute, after entering the password, and after that user need to re-login. Previously, Google was criticized many times for such bad password storage Practice because there is no master password, no security, not even a prompt that " these passwords are visible " and this allows anyone with access to a user's c

Address space layout randomization (ASLR) is a security technique involved in protection from buffer overflow attacks. Many recent APT (Advanced Persistent Threat) attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at  FireEye . Many exploits and malware attacks rely on the ability of the programmer to accurately identify where specific processes or system functions reside in memory. In order for an attacker to exploit or leverage a function, they must first be able to tell their code where to find the function or process to exploit.  The goal of ASLR  is to introduce randomness into addresses used by a given task. It involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries, in a process's address space.  Today a lot of attention is brought to client side exploits especially inside web browsers . Normally the e

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it. Today AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks. WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application. Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more. To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will