Category Archives: browser security

Security risk analysis of address bar spoofing bug in Chrome and Opera

On June 30, 2015 security researcher David Leo publicly disclosed a vulnerability in Google Chrome on the full disclosure mailing list. Via this vulnerability it is possible to spoof the location of the address bar in the latest version of … Continue reading

Posted in browser security, bug, phishing | Comments Off on Security risk analysis of address bar spoofing bug in Chrome and Opera

Mitigations against critical universal cross-site scripting vulnerability in fully patched Internet Explorer 10 and 11

This week David Leo disclosed a critical universal cross-site scripting vulnerability in fully patched Microsoft Internet Explorer 10 and 11 (from now on called the UXSS leak). He notified Microsoft on October 13 last year, but Microsoft didn’t publish a … Continue reading

Posted in browser security, cross-site scripting, security vulnerability, website security | 1 Comment