browser-security
Safeguard articles tagged "browser-security" — guides, analysis, and best practices for software supply chain and application security.
13 articles
XS-Leaks explained: cross-site leak techniques and the defenses that stop them
XS-Leaks bypass the Same-Origin Policy without running a single line of attacker script — they read state through timing, frame counts, and error events instead.
Clickjacking: A Prevention Guide
Clickjacking tricks a user into clicking something different from what they see by layering an invisible frame over a decoy page. Here is how to block it.
Content Security Policy (CSP) Explained (2026)
A Content Security Policy is your last line of defense against XSS. Here is how CSP works, why nonce-based strict policies beat allowlists, and how to deploy one without breaking your app.
CORS Misconfiguration: How to Prevent It
A too-generous CORS policy can let a malicious site read authenticated responses from your API. Reflecting the Origin with credentials is the classic mistake.
WebAssembly Security Explained (2026)
WebAssembly runs untrusted code in a memory-isolated sandbox, but sandboxed is not the same as safe. Here is how the Wasm security model actually works and where it breaks.
Aikido vs Koi: device/browser protection comparison
Aikido Security and Koi Security solve different layers of risk. Heres how they compare on device/browser protection, and where Safeguard fits in.
Chrome Extension Cyberhaven Supply Chain Attack 2024
A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.
What is a Man-in-the-Browser Attack
Man-in-the-browser malware rewrites transactions inside a victim's own browser, bypassing TLS and OTP 2FA -- here's how it works and how to stop it.
Service Worker Security Risks: The Persistent Threat in Your Browser
Service workers intercept network requests, cache content, and run in the background. When compromised, they become a persistent foothold in the browser.
A History of Browser Sandbox Escapes and What They Teach Us
Browser sandboxes are the last line of defense against web-based attacks. When they fail, everything is exposed. Here is what the major escapes reveal.
Progressive Web App Security: The Risks Hiding in the Browser
PWAs blur the line between websites and applications. Their security model is browser-based, which introduces different risks than native applications.
PWA Service Worker Attack Surface: What Security Teams Overlook
Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.