2.6 million Microsoft Edge users were exposed to malware in 119 hidden browser add-ons – a failure of marketplace validation processes with direct implications for enterprise-wide endpoint controls.
The architecture of a widely distributed YouTube ad blocker extension allows it to inject arbitrary JavaScript into any website, posing significant security risks for networks where the extension is in use.
JavaScript can reveal which applications and websites a user opens via SSD-timing side channels without requiring system privileges or browser extensions.
FROST exploits disk latency measurements via the OPFS API and machine learning to remotely identify user tabs and programs, fundamentally compromising browsers’ security model.
Modern attackers increasingly operate at the browser level, where traditional endpoint and network security controls apply, but browser-specific controls are absent.
Browser-based AI attacks and uncontrolled employee use of AI tools make transparent monitoring of browser traffic a core task of modern cybersecurity governance.
Google and Microsoft have released comprehensive security updates for their browsers Chrome (148.0.7778.216/217) and Edge (148.0.3967.96), with Chrome closing 151 vulnerabilities. Enterprise-wide patching should be prioritized.