AI Browser Vulnerability: Indirect Prompt Injection Attacks

2025-08-24

Brave's security team discovered a critical vulnerability in AI browsers like Perplexity Comet: attackers can embed malicious instructions in web pages, tricking the AI assistant into performing unauthorized actions such as accessing user bank accounts or stealing passwords. The attack exploits the AI assistant's inability to distinguish between user instructions and webpage content, bypassing traditional web security mechanisms. This vulnerability highlights the importance of AI browser security, requiring browser vendors to prioritize security before deploying powerful AI agent capabilities.

Brave Blocks Microsoft Recall by Default: Protecting Your Browsing Privacy

2025-07-23

Brave browser version 1.81 and later now blocks Microsoft's Recall feature, which automatically takes screenshots of browsing activity, by default for Windows users. Recall's initial design, storing screenshots in a local plaintext database, raised serious privacy concerns. While Microsoft has made improvements, Brave proactively disables Recall, offering a toggle to re-enable it for those who need it. Brave achieves this by marking all tabs as 'private', preventing browsing history from being inadvertently saved. This highlights Brave's commitment to user privacy, especially in sensitive situations like intimate partner violence.

Brave Launches Blockchain-Based .brave Top-Level Domain

2025-06-29

Brave browser, in partnership with Unstoppable Domains, has launched the first on-chain top-level domain, .brave. This aims to simplify the Web3 user experience, enhancing digital identity management and decentralized internet accessibility. Minted on the Polygon blockchain, .brave domains are compatible with multiple networks including Base, Bitcoin, Ethereum, Solana, and more. Brave users can utilize .brave domains for simplified crypto payments, host censorship-resistant websites on IPFS, and build verifiable on-chain identities. Brave and Unstoppable Domains are also exploring ICANN gTLD registration to expand .brave's reach, bridging Web2 and Web3.

Misleading Adblocker Test Websites: A Critique from Brave

2025-02-20

Shivan Kaul Sahib, Lead for Privacy Engineering at Brave, criticizes many existing adblocker testing websites. These sites employ flawed methodologies, including arbitrary testing criteria, failure to emulate real-world scenarios, disregard for advanced features (like resource replacement), and inability to account for domain-specific rules. This leads to misleading results, even harming the adblocking ecosystem. Kaul Sahib argues that adblockers should be compared based on native support, performance, advanced features, and ethical practices, not low-quality tests. Brave refuses payments to unblock advertisers, collaborates with reputable testing sites, and strives for improved web privacy.
