Supposedly secure browsers are making headlines, but not in a good way. Their makers cannot gloss over the security weaknesses any longer.
Browser makers should be concerned, very concerned. Last week, a security researcher with software firm AdGuard called out five malicious ad blocking extensions in the Google Chrome Store.
At that point, they had already been installed by at least 20 million users of the Chrome browser. This shouldn’t have come as a big surprise. Many well-documented cases prove that plugins, in general, exacerbate the risks associated with using a locally installed browser.
And annual exploit competitions like last month’s Pwn2Own keep exposing ever more vulnerabilities of supposedly “secure” browsers for the world (malware authors, in particular) to see and study.
At Pwn2Own (sponsored by security vendor Trend Micro), Apple’s Safari browser was hacked by a three bug chain containing a macOS elevation of privilege vulnerability that modified text on a MacBook Pro's touch bar. And that wasn’