Makers of Copyfish OCR software get taken on wild ride after code for its Chrome extension is stolen.

Google has put websites signed with WoSign/StartCom SSL certificates on notice that it will no longer trust certs from the Chinese CA starting in Chrome 61.

Yesterday’s Patch Tuesday release also included an update to Microsoft’s Internet Explorer and Edge browsers officially ending support for the SHA-1 hash function.

University researchers created a browser-based JavaScript that leverages a phone’s smart device sensor data to steal PINs.

Microsoft followed Google’s lead and said it will soon block Flash Player by default in the Edge browser.

Microsoft is bringing virtualization to its Edge browser with a security tool called Windows Defender Application Guard. The technology, announced this week at Microsoft’s 2016 Ignite conference in Atlanta, takes a virtualization-based approach to isolating browser-based attacks from the internet. Windows Defender Application Guard will be exclusive to enterprise versions of Windows 10 and will...

A remote code execution in Firefox caused by the expiration of certificate pins was patched by Mozilla in Firefox 49 and Firefox ESR 45.4.

Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar. While Mozilla said it has patched the flaw in the affected Android version of the Firefox browser, Google said Chrome will be fixed in an upcoming September release. Some details about the flaw...

Google on Wednesday updated the Chrome browser for the third time since the start of May. Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski ($7,500) and Rob Wu ($6,500). The previous Chrome update on May 27 addressed 42 flaws with...

The FBI’s refusal to share details about a network investigative technique it used to gather evidence against a Vancouver teacher charged with possession of child pornography has forced a federal judge’s hand to exclude the evidence from trial. The NIT used by the FBI to hack the Playpen website is believed to have de-anonymized users...