All CosmicBytez Labs articles tagged #Browser Security, across news, security advisories, how-to guides, and projects.
A critical use-after-free vulnerability in Google Chrome's Core component on Windows allows remote attackers to escape the browser sandbox via a crafted HTML page. Patch to Chrome 150.0.7871.125 immediately.
A high-severity deserialization vulnerability in Microsoft Edge (Chromium-based) allows unauthorized network attackers to execute arbitrary code. CVSS 8.3 — update Edge immediately.
Researchers have uncovered a novel malware artifact generated using DeepSeek that weaponizes the Chromium File System Access API to encrypt files entirely...
A malicious extension masquerading as the Perplexity AI answer engine was discovered on the Chrome Web Store, intercepting search traffic and collecting...
Security researchers at Island discovered that 'Adblock for YouTube,' a Chrome extension with over 10 million installs and a Featured badge, contains a...
Zscaler researchers exposed 'Edgecution', a rogue Microsoft Edge extension that exploits Chrome's Native Messaging protocol to escape the browser sandbox...
A malicious Microsoft Edge extension dubbed 'Edgecution' abused the Native Messaging API to escape the browser sandbox and deliver a Python backdoor used...
Both Google and Mozilla have released urgent browser updates addressing multiple memory safety vulnerabilities, including critical-severity flaws that...
The 2026 Verizon DBIR confirms phishing, shadow AI, malicious extensions, and credential theft now execute inside the browser, exposing major security gaps.
The Windows version of the Hola Browser has been hit by a supply chain attack that bundled a cryptocurrency miner with the official installer, silently…
Google has released Chrome 148 with patches for 151 security vulnerabilities, including critical-severity flaws that could allow remote code execution....
Microsoft is reversing course on a controversial Edge browser behavior that loaded all saved passwords into process memory in cleartext at startup — a...
Google has patched the fourth Chrome zero-day vulnerability actively exploited in attacks this year, a use-after-free flaw in the Dawn graphics engine...
Google has released a Chrome security update patching 21 vulnerabilities including a high-severity use-after-free zero-day in the Dawn graphics engine...
Google has patched CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS component that has been actively exploited — the first...
Security researchers have uncovered a malicious Chrome extension called CL Suite that steals TOTP 2FA seeds, Meta Business Manager data, and analytics,...
Google releases emergency security update for Chrome addressing two high-severity vulnerabilities that could allow arbitrary code execution and system crashes.
Google has released an emergency Chrome update to fix a zero-day vulnerability being actively exploited in targeted attacks against journalists and activists.