#browser-security

#browser-security

The common denominator of advanced attacks revolves around ever more difficult detection. Although Endpoint Detection & Response (EDR) can pick up multiple signals, the browser remains a blind spot. Zscaler has also come to this conclusion and has acquired SquareX to keep an eye on browser usage via a lightweight extension. In doing so, Zscaler is following the same philosophy as CrowdStrike: acquire a promising Browser Detection & Response (BDR) player to expand its own portfolio.

This exploit, dubbed ChatGPT Tainted Memories by browser security vendor LayerX's researchers, who found and disclosed the security hole to OpenAI, involves some level of social engineering in that it does require the user to click on a malicious link. It also poses a risk to ChatGPT users on any browser - not just Atlas, which is OpenAI's new AI-powered web browser that launched last week for macOS.

The browser has quietly become the nerve centre of modern business. It's where we access our CRM, collaborate on documents, check financial dashboards, and run customer calls. Yet while companies spend millions securing networks and devices, the browser, the window through which almost every work app is opened, is often left unguarded. That oversight is proving costly. The more we rely on cloud software, the greater the risk of session hijacks, data leaks, and compromised credentials.

It's been almost 10 years since Brave launched, and slowly but surely the privacy-focused web browser is attracting more and more users. It's been a long road with some ups and downs, but it's paying off. According to a recent company blog post, Brave says its browser has crossed a new milestone: 100 million active monthly users. That's as of September 2025, representing a huge jump up from the 50 million users milestone it reached back in 2021. That's a four-year doubling!

Perplexity's Comet AI browser is meant to act as an AI assistant that works alongside you every step of your browsing experience, even taking actions for you, such as managing your accounts. This makes keeping your credentials secure more important than ever, and Perplexity's new partnership with 1Password aims to do just that. Instantly log in to your saved accounts On Wednesday, the two companies announced their partnership, which integrates 1Password directly into Comet.

Much of cybersecurity's mitigations were designed years ago to protect infrastructure and data, which was correct at the time. But company use of the internet has changed. Cloud computing and remote working have hastened the demise of the perimeter, and the arrival of AI has increased the speed of attacks. The old methods no longer work, yet cybersecurity has not adapted its core defense.

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their mission to wreak havoc on enterprises by specifically targeting sensitive data on these browsers.

Anthropic is launching a research preview of a browser-based AI agent powered by its Claude AI models, the company announced on Tuesday. The agent, Claude for Chrome, is rolling out to a group of 1000 subscribers on Anthropic's Max plan, which costs between $100 and $200 per month. The company is also opening a waitlist for other interested users. By adding an extension to Chrome, select users can now chat with Claude in a sidecar window that maintains context of everything happening on their browser. Users can also give the Claude agent permission to take actions in their browser and complete some tasks on their behalf.