ZDNet

Google working on new Chrome security feature to 'obliterate DOM XSS'

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...
InfoQ

Experimental Trusted Types API to Combat Cross-Site Scripting Vulnerabilities

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Threat Post

Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks

Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. Certain types of online ads that expand, contract and pop-open aren’t just ...
Ars Technica

Actively exploited WordPress bug puts millions of sites at risk

Millions of websites running WordPress are at risk of hijacking attacks thanks to a vulnerability that is actively being exploited in the wild and is present in the default installation of the widely ...
ZDNet

Google to remove Chrome's built-in XSS protection (XSS Auditor)

Google engineers plan to remove a Chrome security feature that has not been living up to par with the protections with was supposed to provide for years. Named XSS Auditor, the feature was added to ...