Rustifying Image Codecs in Chromium
A cross-team effort to make browser image decoding safer without slowing the web down. Introduction Image decoding is on the hot path in every modern browser. Page loads, <img> tags, and fa...
A cross-team effort to make browser image decoding safer without slowing the web down. Introduction Image decoding is on the hot path in every modern browser. Page loads, <img> tags, and fa...
119 extensions, up to 2.6 million installs, delayed execution, and payloads hidden inside image and font files. Here’s what we found, how we disrupted it, and how we’re protecting you. Browser ext...
Browsers help protect some of the most sensitive data people have, including passwords. That’s why we continuously review how Edge handles that data, and where we can further reduce exposure throug...
Despite recent advancements in adoption of passkeys, passwords remain one of the most widely used authentication mechanisms on the web, yet repeated studies have demonstrated that humans are partic...
Introduction The digital threat landscape is in a constant state of flux, with attackers perpetually seeking new avenues to compromise users and corporate environments. As a result, the Edge brows...
In a previous blog Browser Security Bugs that Aren’t we covered some of the most common submissions to Microsoft Edge’s Bug Bounty program but which unfortunately do not qualify for a reward. The p...
What is RIDL and Why Should you Care? In 2019 researchers from Vrije Universiteit Amsterdam shared details of a new side-channel attack which they coined “Rogue In-Flight Data Load” (RIDL). It was...
Introduction Today, we’re excited to announce a new security protection in Microsoft Edge and other Chromium-based browsers that defends against attackers being able to leverage an exploit in a Re...
Introduction Hello and welcome to the first in a new series of blog posts in which we will discuss some issues that are commonly reported through our Researcher Incentive (Bug Bounty) Program, but...
Introduction In this blog post, we will share the story about how we discovered a critical stack corruption bug that has existed in Windows for more than 20 years (CVE-2023-36719). The bug was fou...