Signal: Incoming call can be connected without user interaction

Android: Use-After-Free in Binder driver

Rogue Chromium dev lead ignores W3C 'autocomplete' spec; frustrates Internet

iMessage: Malformed Message Bricks iPhone

All Chrome extensions can execute remote code in their own context

Google Chrome: “HTTPS” scheme and “www” to be hidden from address bar in M76

Google refuses to add hardware acceleration to Chrome on Linux

Chromium Manifest V3 May Impact Content Blockers

Google proposes changes to Chromium which would disable uBlock Origin

Chrome: trick users into giving access to all files on local disk (2016)

Moving to Python 3 : A Decade Long Journey

Google Chrome team has decided to ignore autocomplete=off – protest here

Chrome 69: “www.” subdomain missing from URL

cgit: directory traversal in cgit_clone_objects()

XNU kernel heap overflow due to bad bounds checking in MPTCP

Speculative execution, variant 4: speculative store bypass

Chrome Partially Reverts Autoplay Policy Amid Developer Outcry

New Linux EXT4 Bug - out-of-bounds memcpy via non-inline system.data xattr

Linux RNG flaws

Windows Defender Unrar Vulnerability

Microsoft Edge: ACG bypass using UnmapViewOfFile

Grammarly shared its tokens with all websites

1471 - blizzard: agent rpc auth mechanism vulnerable to dns rebinding - project-zero - Monorail

CPUs: information leak using speculative execution

All Blizzard games vulnerable to DNS rebinding attack

All Blizzard games (World of Warcraft, Overwatch, Diablo III, Starcraft II, etc.) were vulnerable to DNS rebinding vulnerability allowing any website to run arbitrary code

keeper: privileged ui injected into pages (again) - project-zero

766253 - Chrome OS exploit: WebAsm, Site Isolation, crosh, crash reporter, cryptohomed - chromium [The $100,000 Chrome OS Exploit]

Apple: Heap Overflow in AppleBCMWLANCore Driver

Chrome's geolocation fails daily due to API limit

More →