Episode 84: Google Chrome Plans to Implement Insecure Form Warnings

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, which has been fixed in Chrome version 85. Google also announced that Chrome 86 will alert users if a form submission is using the insecure HTTP protocol, making it a good time to audit older sites that may have migrated to HTTPS, but still have forms submitting via HTTP. A security researcher found a flaw in Apple's Safari browser that could allow an attacker to access files on a Mac or iOS device. The FBI and CISA have issued a joint alert to warn about the growing threat from vishing attacks targeting companies.