Questions tagged [web-browser]
A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.
1,694 questions
0 votes
0 answers
51 views
What is the appropriate incident-response procedure after a user clicks a phishing link without entering credentials? [duplicate]
A user accidentally clicked a link in a phishing email. The link led to what appeared to be an online video-course/tutorial site. The user did not enter any credentials, download any files, or ...
0 votes
1 answer
148 views
Lots of copies of avg_secure_browser_setup.exe in my Downloads folder downloaded automatically
I have about ten copies of: avg_secure_browser_setup1.exe avg_secure_browser_setup2.exe avg_secure_browser_setup3.exe etc. This isn't the first time that I've found this. The first time I noticed ...
1 vote
1 answer
141 views
Is there a way to exploit this DOM-based XSS in recent versions of browsers?
I am a beginner in web app pentesting. In this page, the client-controlled fragment identifier in the URL is injected directly into the page DOM, permitting a DOM-based XSS, I think. I've tried many ...
1 vote
2 answers
121 views
In PCI DSS SAQ A, does "customer’s browser" include merchant apps using TPSP-provided UI elements for card data?
I’m trying to understand a PCI DSS SAQ A requirement that says: "All elements of the payment page(s)/form(s) delivered to the customer’s browser originate only and directly from a PCI DSS ...
3 votes
1 answer
127 views
Is there an official, or accepted, recommendation to turn off autocomplete for bank account details
Part of the WCAG recommendations for web accessibility involves using autocomplete attributes to make it easier to fill in forms: see here, and here. However, in multiple places I've seen people ...
12 votes
4 answers
6k views
Why are browser HTTP auth schemes stuck in 1999?
Chromium supports Basic, Digest, NTLM, and Negotiate HTTP authentication schemes. Of those, the newest is Negotiate, which was present no later than 1999, because IE5 supported it (!!!). I can't find ...
16 votes
4 answers
6k views
How does an "enterprise browser" work?
There are some new security companies selling what they call "enterprise browsers". For instance, Island (https://www.island.io/blog/what-is-an-enterprise-browser) is one of them. Both ...
2 votes
0 answers
500 views
Why does Cross-Origin-Opener-Policy prevent opening links to the same-origin/domain when target="_blank" is used?
Let's say you serve a website with the header Cross-Origin-Opener-Policy: same-origin. This is a new header that, if I understood it correctly, completely separates a browsing tab/origin to prevent ...