Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack users’ browsers for distributed denial-of-service attacks, run crypto miners, and more.

The vulnerability was reported…

An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers.

According to findings by an independent security researcher using the pseudonym “Q Continuum,” a total of 287 extensions sent data that closely matched the URLs visited during simulated browsing sessions.

“The actors behind the leaks span the…

Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup. The deal will enable Zscaler to extend its Zero Trust Exchange capabilities directly into standard web browsers, across both managed and unmanaged devices.

With Zscaler Private Access (ZPA), the company has been assisting enterprises adopt zero trust…