ZDNet

Google working on new Chrome security feature to 'obliterate DOM XSS'

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...
InfoQ

Experimental Trusted Types API to Combat Cross-Site Scripting Vulnerabilities

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Threat Post

Verizon Patches XSS Issues in its Messaging Client

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session. Verizon late last ...
Dark Reading

Security 101: Cross-Site Scripting

In cyber security, attention is concentrated on the new -- zero-day exploits, for example, are big news and big business. But old threats can still cause big problems for organizations, even when the ...
Ars Technica

Actively exploited WordPress bug puts millions of sites at risk

Millions of websites running WordPress are at risk of hijacking attacks thanks to a vulnerability that is actively being exploited in the wild and is present in the default installation of the widely ...
Dark Reading

Gallup Addresses XSS Bugs in Website

Editor's Note: Dark Reading has become aware that a portion of the original Checkmarx research on these vulnerabilities is in dispute, prompting us to retract sections of our reporting below. As ...
ZDNet

Google to remove Chrome's built-in XSS protection (XSS Auditor)

Google engineers plan to remove a Chrome security feature that has not been living up to par with the protections with was supposed to provide for years. Named XSS Auditor, the feature was added to ...