When it comes to the socially engineered malware, it looks like Microsoft’s Internet Explorer is the only web browser that manages to fight it well.
According to the latest study by NSS Labs, IE10 running on the Windows 8 protected test systems against 99.1% of all the malicious web pages, followed by Google’s Chrome 70.4% mark.
However, when it came to Firefox and Safari, the block rates were incredibly low, 4.2% and 4.3% respectively.
And a laptop.
Following the recent Pwnium 2 competition, a hacker nicknamed “Pinkie Pie”, has successfully compromised Google’s Chrome web browser and received a free Chromebook and a cash prize of $60,000.
Earlier this year, Pinkie Pie and Sergey Glazunov have also reaped a reward of $60,000, following the successful escape of everyone’s beloved sandbox.
Thanks to a recent security vulnerability discovery, the German government’s Federal Office for Information Security, has advised users to use alternative web browsers until Microsoft fixes the issue, “a fast spreading of the code has to be feared.”, said BSI.
Meanwhile, Yunsun Wee, Microsoft’s Trustworthy Computing spokesperson, said the the software giant is working on a fix and it should be available in the next few days.
Internet Explorer 10 is not affected.
Thanks to some clever engineering, a new attack has reportedly affected computers running IE7, IE8 and IE8 running on Windows XP, Vista and 7 machines.
According to the recent report, by utilizing Adobe’s Flash Player to conduct a “heap spray” and bypass Windows ASLR (Address Space Layout Randomization) protection, attackers have delivered “Poison Ivy” Trojan to unsuspecting victims.
Recently, Google has released a new stable build of its desktop web browser, which includes a new sandbox architecture.
Now, the search giant has shared some good news with its Android users as they too will be receiving a new build that strengthens web browser’s security.
According to the recent blog post, Chrome for Android sandbox was improved due to the multi-process architecture and Android’s User ID isolation technology.
Apache HTTP Server, a software that is widely used by more than 600 million web sites (that’s about 60% percent of the http client market share), has recently issued a patch, which overrides Internet Explorer’s DNT setting.
What does it mean? It means that the majority of all the web sites will ignore the Do Not Track setting by default.
The patch’s author, Adobe employee Roy T. Fielding, has said the following:
Phishing by the data URI.
According to a report from TheRegister, Henning Klevjer, a student from Norway, has modified a somewhat old phishing technique (documented by Billy Rios and Nathan McFeters), which allows phishers to hide the entire malicious web page and transform it into a clickable link.
Confirms their commitment on security.
Well, here is a potential chance for you to make millions of dollars, all you have to do is find dozens of exploits in the Google’s Chrome web browser and reap the rewards.
Even though Google has already paid more than $1 million dollars for bug reports, the search giant has recently announced that they will be increasing the budget for its Chromium Vulnerability Rewards Program. According to the official blog post, bug hunters will now receive a bonus of $1,000 or more for every security flaw discovered.
Windows and Linux only.
Thanks to a sharp focus, Google Chrome engineers are able to work just on a few, rather than dozen features at the same time, delivering stable rather than clunky web experience.