browser security

5 posts

Your SSD is leaking what you're doing

How websites can use SSD response timing as a covert channel to infer user activity, and what browsers and users can do about it.

May 27, 2026

Article

Your VPN extension trusts every website you visit

A hardcoded trigger word in a million-install Chrome VPN extension let any website disable the tunnel, change exit nodes, and read open tabs.

May 27, 2026

Article

Chrome's fourth 2026 zero-day ships mid-cycle

Google's fourth exploited Chrome zero-day of 2026 patches a V8 type confusion bug. The real risk is the patch-to-deployment window.

May 3, 2026

Article

Chrome's fourth zero-day of 2026 ships mid-cycle

Fourth Chrome zero-day of 2026 is a V8 type confusion. Inside the exploit chain, sandbox escape, and the patch gap attackers are weaponising right now.

May 1, 2026

Article

CVE-2025-1234: Type Confusion in V8 JavaScript Engine Exploited in the Wild

CVE-2025-1234: Type confusion in V8 exploited in the wild, enabling arbitrary code execution via JIT deoptimization. MITRE T1059.004, EDR blind spots, and post-patch exposure.

Apr 3, 2026