Safeguard
Tag

browser-security

Safeguard articles tagged "browser-security" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Application Security

XS-Leaks explained: cross-site leak techniques and the defenses that stop them

XS-Leaks bypass the Same-Origin Policy without running a single line of attacker script — they read state through timing, frame counts, and error events instead.

Jul 8, 20266 min read
Vulnerability Guides

Clickjacking: A Prevention Guide

Clickjacking tricks a user into clicking something different from what they see by layering an invisible frame over a decoy page. Here is how to block it.

Jul 5, 20265 min read
Security Guides

Content Security Policy (CSP) Explained (2026)

A Content Security Policy is your last line of defense against XSS. Here is how CSP works, why nonce-based strict policies beat allowlists, and how to deploy one without breaking your app.

Jul 4, 20266 min read
Vulnerability Guides

CORS Misconfiguration: How to Prevent It

A too-generous CORS policy can let a malicious site read authenticated responses from your API. Reflecting the Origin with credentials is the classic mistake.

Jul 4, 20265 min read
Security Guides

WebAssembly Security Explained (2026)

WebAssembly runs untrusted code in a memory-isolated sandbox, but sandboxed is not the same as safe. Here is how the Wasm security model actually works and where it breaks.

Jul 1, 20266 min read
Buyer's Guides

Aikido vs Koi: device/browser protection comparison

Aikido Security and Koi Security solve different layers of risk. Heres how they compare on device/browser protection, and where Safeguard fits in.

May 5, 20268 min read
Supply Chain Attacks

Chrome Extension Cyberhaven Supply Chain Attack 2024

A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.

Mar 30, 20268 min read
Vulnerability Analysis

What is a Man-in-the-Browser Attack

Man-in-the-browser malware rewrites transactions inside a victim's own browser, bypassing TLS and OTP 2FA -- here's how it works and how to stop it.

Jan 26, 20267 min read
Application Security

Service Worker Security Risks: The Persistent Threat in Your Browser

Service workers intercept network requests, cache content, and run in the background. When compromised, they become a persistent foothold in the browser.

Feb 12, 20246 min read
Vulnerability Management

A History of Browser Sandbox Escapes and What They Teach Us

Browser sandboxes are the last line of defense against web-based attacks. When they fail, everything is exposed. Here is what the major escapes reveal.

Oct 25, 20235 min read
Application Security

Progressive Web App Security: The Risks Hiding in the Browser

PWAs blur the line between websites and applications. Their security model is browser-based, which introduces different risks than native applications.

Oct 12, 20235 min read
Application Security

PWA Service Worker Attack Surface: What Security Teams Overlook

Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.

Mar 5, 20237 min read
browser-security — Safeguard Blog