Browser Security

Browser Security: Apple Zero-Days, Chrome 145, AI Attack Trends & Interop 2026

13 Feb 2026 — 3 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Adblock Filters Exposes Reveal User Location Despite VPN Protection

New fingerprinting bypasses VPNs, exposing user location via AdBlock filter lists.
Malicious websites exploit country-specific AdBlock filter lists to pinpoint user location.
Browser configurations leveraged by malicious sites bypass VPNs by probing unique regional elements.

Source: teamwin.in | Date: February 12, 2026

Over 500,000 VKontakte users infected by five malicious Chrome extensions.
Malware delivered dynamic payloads via VK profile metadata and GitHub.
Threat enables CSRF token manipulation, forced group subscriptions, and persistent account control.

Source: koi.ai | Date: February 12, 2026

Google's Threat Analysis Group (TAG) observed state-backed actors leveraging AI, specifically Gemini, for reconnaissance and attack support, enhancing their operational capabilities.
The use of AI includes drafting phishing emails, generating social engineering content, and assisting with OSINT activities to identify targets and vulnerabilities.
Attackers are employing AI to accelerate the research phase of campaigns, allowing for more tailored and sophisticated phishing, credential theft, and exploitation attempts.

Source: The Hacker News | Date: February 12, 2026

A critical bulletin highlighted the emergence of AI prompt injection vulnerabilities that could lead to remote code execution (RCE) via manipulated input to Large Language Models.
The report also detailed a "0-Click" exploit affecting Claude AI, indicating a severe vulnerability that could compromise user data without direct user interaction.
These AI-specific attack vectors underscore evolving threats against browser-integrated AI features and web applications leveraging LLMs.

Source: The Hacker News | Date: February 12, 2026

Apple released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two actively exploited zero-day vulnerabilities, CVE-2026-20700 (Kernel) and CVE-2026-20707 (WebKit).
The WebKit bug (CVE-2026-20707) is a use-after-free vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content.
Users are urged to update their devices to iOS 19.3.1, iPadOS 19.3.1, macOS Sonoma 14.3.1, and watchOS 10.3.1 immediately to mitigate the risk of targeted attacks.

Source: The Cyberthrone | Date: February 12, 2026

Mozilla, Microsoft, Google, and Apple have launched Interop 2026, a collaborative effort to improve web compatibility and developer experience across major browsers.
This year's initiative focuses on addressing key areas of inconsistency and pain points for web developers, building on the successes of previous Interop efforts.
Microsoft Edge's team has committed to significant contributions to Interop 2026, aiming to resolve over 50 specific focus areas and ensure better alignment with web standards.

Source: Mozilla Hacks Blog | Date: February 12, 2026

Google released Chrome version 145, addressing three high-severity vulnerabilities, including flaws in its CSS and Codec components.
These security flaws, identified as use-after-free vulnerabilities, could lead to remote code execution or denial-of-service if exploited.
Users are advised to update to Chrome 145.0.XXXX.XXX or later across all platforms to patch these critical issues and enhance browsing security.

Source: SecurityOnline.info | Date: February 12, 2026