Edge
-
DRILLAPP backdoor runs in Edge to target Ukrainian entities
A February 2026 campaign used a JavaScript backdoor called DRILLAPP that runs in Microsoft Edge to capture files, microphone audio, camera video and screen images via the browser.
-
Long-running ‘ShadyPanda’ campaign amassed more than 4.3 million browser extension installs, researchers say
Researchers say the ShadyPanda campaign turned hundreds of browser extensions into spyware and backdoors, accumulating more than 4.3 million installs across Chrome and Edge and exfiltrating browsing data to multiple domains.
-
Researcher discloses ‘Brash’ flaw that can crash Chromium-based browsers by spamming tab title
A researcher has published details of ‘Brash’, a vulnerability in Chromium’s Blink engine that can crash Chromium-based browsers by rapidly updating the document.title field, causing massive DOM mutations and UI thread saturation.
-
Microsoft tightens Edge’s Internet Explorer mode after reports of exploit chain
Microsoft said it has tightened Internet Explorer mode in Edge after reports that attackers used social engineering and unpatched Chakra 0-day exploits to gain remote code execution and escalate privileges, and the company removed easier IE mode launch options and now requires explicit enabling.
-
Google Enhances Chrome Security by Blocking Admin-Level Launches
Google’s new feature for Chrome will block the browser from launching with administrative rights, enhancing security similar to measures already implemented in Microsoft Edge. This change aims to reduce the risk of malware executing with elevated permissions and compromising user systems.
