Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...
Network World

JavaScript-based ASLR bypass attack simplifies browser exploits

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors ...
Gizmodo

TikTok’s In-App Browser Has Code to Track Users’ Inputs and Activity

While TikTok said the code’s only used for debugging, researchers also found Meta products Facebook and Instagram can track users’ in-app browser. Reading time 5 minutes Tick tock goes the clock. It ...
ZDNet

Google sets up research grant for finding bugs in browser JavaScript engines

Google has set up a research grant program to help and sponsor security researchers and academics find vulnerabilities in browser JavaScript engines. The program has one rule, namely that the bugs ...
MacRumors

TikTok's In-App Browser Reportedly Capable of Monitoring Anything You Type

TikTok's custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor "all keyboard inputs and taps" while a user is interacting with a given ...
9to5Mac

Developer creates tool that shows injected JavaScript commands through an in-app browser

A few days ago, developer Felix Krause shared a detailed report on how mobile apps can use their own in-app web browser to track user data. Now Krause is back with a new tool that lets anyone see ...
InfoQ

New JavaScript Set Methods Now Supported by All Major Browser Engines

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Bleeping Computer

Brave now lets you inject custom JavaScript to tweak websites

Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing ...
PC World

Microsoft to open source Edge browser’s Chakra JavaScript engine

Microsoft will open up its Chakra JavaScript engine as an open-source project on GitHub next month. The code repository, called ChakraCore, will include the key components of Chakra engine used for ...
Computerworld

JavaScript-based attack simplifies browser exploits

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors ...