Browser Security Brief: Chrome Updates, Firefox Privacy, and Critical Web Vulnerabilities
“A.I.” browsers: the price of admission is too high
- AI browsers collect extensive user data, including sensitive AI prompt content, often by default for training models.
- They create "walled gardens," increasing user risk of misinformation, manipulation, and disinformation campaigns.
- Agentic AI browsers are vulnerable to prompt injection attacks, enabling data loss or unauthorized actions.
Source: Vivaldi | Date: November 10, 2025
Watch out for Walmart gift card scams
- Walmart gift card scams lure victims with promises of high-value rewards for completing online surveys.
- Scams harvest personal data like names, emails, and addresses for resale or targeted phishing attacks.
- Protect against threats by using browser protection tools and being skeptical of unsolicited online offers.
Source: Malwarebytes | Date: November 10, 2025
New Browser Security Report Reveals Emerging Threats for Enterprises
- A new report highlights a significant rise in browser-based threats targeting enterprises, indicating browsers are becoming primary attack vectors for initial access and data exfiltration.
- The report emphasizes credential theft, drive-by downloads, malicious extensions, and phishing as leading threats, impacting sensitive corporate data and systems.
- Enterprises are urged to implement advanced browser security measures, including browser isolation, strict content security policies, and continuous monitoring, to mitigate these escalating risks.
Source: The Hacker News | Date: November 11, 2025
Firefox Expands Fingerprinting Protections for Enhanced Privacy
- Mozilla Firefox is enhancing its Enhanced Tracking Protection (ETP) by expanding fingerprinting protections to block more scripts that attempt to identify users uniquely across websites.
- The updated protections aim to create a more private web experience by making it harder for advertisers and data brokers to collect identifiable information from user browsers.
- These advanced anti-fingerprinting techniques will be rolled out gradually to all Firefox users, reinforcing the browser's commitment to user privacy by default.
Source: Mozilla Blog | Date: November 12, 2025
Popular JavaScript Library 'expr-eval' Vulnerable to RCE Flaw
- A critical Remote Code Execution (RCE) vulnerability has been discovered in expr-eval, a widely used JavaScript library with over 7 million weekly downloads, making many web applications susceptible.
- The flaw, stemming from insecure deserialization of expressions, allows attackers to inject and execute arbitrary code by manipulating input that the library processes.
- Developers using expr-eval versions prior to 2.0.2 are advised to update immediately to mitigate the risk of server-side RCE in applications that incorporate the library.
Source: BleepingComputer | Date: November 11, 2025
Chrome Releases Stable Channel Update Addressing Multiple Vulnerabilities
- Google has released a stable channel update for Chrome desktop, version 120.0.6099.224/.225 for Windows and Mac, and 120.0.6099.224 for Linux, addressing multiple security vulnerabilities.
- The update includes fixes for several high-severity issues, although specific CVE details are pending so that users can update before exploit details are fully disclosed.
- Users are strongly advised to update their Chrome browsers immediately to the latest version to protect against potential exploitation of these patched flaws.
Source: Chrome Releases | Date: November 11, 2025
References
- New Browser Security Report Reveals Emerging Threats for Enterprises - The Hacker News
- Firefox expands fingerprint protections: advancing towards a more private web - Mozilla Blog
- Popular JavaScript library expr-eval vulnerable to RCE flaw - BleepingComputer
- Stable Channel Update for Desktop - Chrome Releases