AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. […]
Tag: browser
Apps, Global Security News, Risk Management
Cisco Secure Access and Island Browser Enable Zero Trust Everywhere
The integration between Cisco Secure Access and Island enterprise browser improves the user experience while reducing risk by connecting and protecting user access to private applications from unmanaged devices.
Global Security News
New FROST attack exploits browser features for website and app tracking
The FROST attack leverages the Origin Private File System (OPFS), a browser feature, to measure Solid-State Drive (SSD) access speeds.
Apps, Global Security News
Websites can spy on user activity by analyzing SSD behavior
Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor behavior. Researchers have demonstrated another method that relies on something most users would never expect a website to observe: activity on their SSD (Solid-State Drive), the storage device where applications and files are…
AI, Exploits, Global Security News, privacy
Google leaks details for Chromium bug that can turn browsers into bots
Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack users’ browsers for distributed denial-of-service attacks, run crypto miners, and more. The vulnerability…
AI, Compliance, Global Security News
Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Agentic AI will help with completing multi-step tasks such as filling in forms, navigating…
AI, Compliance, Global Security News
Microsoft says it’s making AI ‘safe for work’ in your browser
Microsoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Agentic AI will help with completing multi-step tasks such as filling in forms, navigating…
Global Security News
Microsoft Edge to stop loading cleartext passwords in memory on startup
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup. […]
AI, Global Security News
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. […]
AI, Data Breaches, Exploits, Global Security News
Claude in Chrome is taking orders from the wrong extensions
Anthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be abused to inject scripts that can potentially hijack the assistant’s capabilities and manipulate browsing…
Global Security News, privacy
Widely Used Browser Extensions Selling User Data
Dozens of browser extensions openly sell user data via privacy policy disclosures
AI, Exploits, Global Security News, privacy, Risk Management
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
CVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browser. The flaw worked even when Tor’s New Identity feature was used, bypassing protections meant…
Global Security News
Microsoft: Some Teams users can’t join meetings after Edge update
Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining Teams meetings. […]
AI, Data Breaches, Global Security News, malware, Network Security, Risk Management
130K Users Compromised by StealTok Campaign That Uses Fake TikTok Downloaders
A widespread browser extension campaign is quietly compromising users by disguising data-stealing tools as TikTok video downloaders. “While many people see browser extensions as harmless little widgets, oftentimes they have no idea who is actually behind these extensions, and what capabilities they contain within their source code,” said Natalie Zargarov, security researcher at LayerX in…
Global Security News
Microsoft Teams right-click paste broken by Edge update bug
Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. […]
AI, Apps, Cybersecurity, Global Security News
How to Remove Wave Browser (User Complaints, Safety Check & Fix Guide)
Learn how to remove Wave Browser and address issues some users have reported in this guide. Some users have reported unexpected behavior after installing Wave Browser, such as changes to browser settings or increased ads. While Wave Browser is a legitimate application, it has been classified by some users and security tools as a potentially…
Global Security News
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
New “Storm” infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. […]
AI, Cybersecurity, Global Security News, privacy
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California’s crypto millionaires are learning that no amount…
AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Network Security, privacy, Russia
LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California’s crypto millionaires are learning that no amount…
AI, Global Security News, privacy
BrowserGate: LinkedIn Tracks 6,000+ Browser Extensions on Users’ PCs
LinkedIn is accused in the BrowserGate report of tracking 6,000+ browser extensions on users’ PCs, raising concerns over privacy and data collection practices.
Global Security News
Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
A fake Chrome browser extension called ‘ChatGPT Ad Blocker’ was harvesting conversations of ChatGPT users in the name of offering an ad-free experience.
AI, Exploits, Global Security News
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. “Use-after-free in Dawn in Google…
AI, Exploits, Global Security News
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fixed zero-day is limited, and there’s no details about the exploit (or how/if it’s being used by attackers). CVE-2026-5281’s official description says it’s a use-after-free (UAF) vulnerability in…
Global Security News
Phantom Project Bundles Infostealer, Crypter and RAT For Sale
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
Global Security News
Wave Browser Brings Gaming Tools and Ocean Cleanup into the Same Tab
Wave Browser for gaming: built for multitasking, streaming, and tabs, with tools for gamers plus ocean cleanup support tied to everyday browsing activity.
Global Security News, malware
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. […]
AI, Global Security News
OpenAI Plans Launch of Desktop ‘Superapp’ to Refocus, Simplify User Experience
The AI company will combine ChatGPT, Codex app and browser in an effort to focus and streamline its resources.
AI, Apps, Global Security News
Versa Secure Enterprise Browser delivers browser-native security for enterprise apps
Versa has revealed early access to Versa Secure Enterprise Browser, a new browser-native security capability within the VersaONE Universal SASE Platform that protects employees, contractors, and partner users as they access web, SaaS, and enterprise AI applications by enforcing security, access, and data protection policies directly within the browser session. The browser has become the…
AI, Global Security News
Menlo Security delivers unified governance and threat prevention for AI agents and humans
Menlo Security has unveiled the Browser Security Platform, purpose-built to secure the agentic enterprise, where autonomous AI agents will outnumber human employees and the browser has become the operating system for both. Menlo provides unified control plane to apply machine-speed governance and threat prevention to both human and non-human actors, deployed globally on Menlo’s elastic…
AI, Global Security News, malware
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026.
AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google warns of two actively exploited Chrome zero days
Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…
AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google warns of two actively exploited Chrome zero days
Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild
Google has released updates to patch two high-severity zero-day vulnerabilities in the Chrome browser that are already being exploited in the wild.. The flaws affect critical components responsible for rendering web content and executing JavaScript, potentially allowing attackers to crash the browser or execute malicious code on vulnerable systems. One of the vulnerabilities, CVE-2026-3909, allows…
AI, Exploits, Global Security News
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. “Google is aware that exploits for…
AI, Exploits, Global Security News
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows – CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform…
AI, Cybersecurity, Global Security News
Browser Extensions Pile Up, and Nobody Remembers Who Added Them
In this post, I will talk about browser extensions pile up, and nobody remembers who added them. Adding a new browser extension used to feel like a small upgrade—a way to streamline one little task or add a useful shortcut to your daily routine. Now, most people have a crowded collection of extensions that’s grown…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Federal judge blocks Perplexity’s AI browser from making Amazon purchases
A federal judge has blocked Perplexity, makers of the Comet AI browser, from accessing user Amazon accounts and making purchases on their behalf. In an March 9 order, Judge Maxine Chesney of the Northern District Court of California said the temporary injunction reflects the likelihood that Amazon “will succeed on the merits” of its claim…
AI, Global Security News
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last…
AI, Global Security News
PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser
Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.
AI, Endpoint, Global Security News, Network Security
2026 Browser Data Reveals Major Enterprise Security Blind Spots
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware’s 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. […]
AI, Data Breaches, Global Security News, Risk Management
Push Security adds malicious browser extension detection to block threats in employee browsers
Push Security has announced new malicious browser extension detection and blocking capabilities within its browser-based security platform. The feature enables organizations to automatically block known-bad extensions from running in employee browsers. Attackers are increasingly turning to malicious browser extensions as a preferred method of compromise. Recent campaigns such as ShadyPanda, ZoomStealer, and GhostPoster, along with…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Perplexity Comet Browser Bug Leaks Local Files via AI Prompt Injection
A newly disclosed attack against Perplexity’s AI-powered Comet browser shows how agentic browsers can be manipulated into leaking sensitive data directly from a user’s machine. Zenity Labs researchers demonstrated a zero-click attack that tricks the browser’s AI agent into reading local files and sending their contents to an attacker-controlled server. The attack “… results in…
AI, Global Security News, Risk Management
Chrome to start bi-weekly updates in September
Starting in September, Google’s Chrome browser will receive a new release every two weeks, the company has announced. Since 2021, Chrome has been on a four-week release schedule for new major versions. The rationale for the faster two-week cycle is to enable faster delivery of performance improvements, bug fixes, security updates, and new features to…
AI, Global Security News
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. The new schedule begins with the stable release of Chrome 153 on September 8, 2026, followed by new beta and stable releases every two weeks. The change…
AI, Global Security News, Network Security, Risk Management
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure…
Global Security News
Chrome in 2026: Why your browser needs a security audit right now
GUEST OPINION: We often think of our web browser as a neutral window to the internet – a piece of software that fetches pages and displays images. This assumption is dangerously outdated.
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Three High-Severity Chrome Flaws
Google has released a security update for its Chrome browser that addresses three high-severity vulnerabilities, which could pose risk to users. One of the vulnerabilities, CVE-2026-3061, allows “… a remote attacker to perform an out-of-bounds memory read via a crafted HTML page,” said NIST in its advisory. Inside the Chrome Vulnerabilities The security update addresses…
Global Security News
Supply Chain Attack Embeds Malware in Android Devices
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.
AI, Global Security News
Swedish AI browser Strawberry is now available to everyone
Stockholm-based Strawberry is launching its “self-driving” AI-powered browser in open beta after a year in closed testing. Strawberry is a browser with built-in AI agents that can surf, click, and perform real tasks on behalf of the user, even on login-protected sites. The idea is to make AI agents available to non-technical users such as…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Infostealers Target OpenClaw AI Configuration Files
Infostealer malware is expanding beyond traditional browser and banking credential theft to target personal AI assistant environments. Researchers at Hudson Rock recently identified a live infection in which attackers exfiltrated a victim’s OpenClaw configuration files, including authentication tokens, cryptographic keys, and stored contextual data used by the AI agent. “While the malware may have been…
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
Exploit available for new Chrome zero-day vulnerability, says Google
Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
Exploit available for new Chrome zero-day vulnerability, says Google
Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…
AI, Exploits, Global Security News
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming…
AI, Artificial Intelligence, Browser, Global Security News, privacy, Security
Firefox Will Give Users an AI Kill Switch for Better Privacy
Not everyone wants AI in their browser. Firefox 148 is introducing easy toggles to disable chatbots and AI tab grouping. Discover how Mozilla is prioritising user choice and privacy in its latest 2026 update.
AI, Global Security News, Security
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention. […]
AI, Apps, Cloud Security, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
Zscaler extends zero-trust security to browsers with SquareX acquisition
Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup. The deal will enable Zscaler to extend its Zero Trust Exchange capabilities directly into standard web browsers, across both managed and unmanaged devices. With Zscaler Private Access (ZPA), the company has been assisting enterprises adopt zero…