Google today announced an update to its password manager that will finally introduce a consistent look-and-feel across the service's Chrome and Android implementations. From a report: Users will soon see a new unified user experience that will automatically group multiple passwords for the same sites or apps together, as well as a new shortcut on the Android home screen to get access to these passwords. In addition to this, Google is also now adding a new password-related feature to Chrome on iOS, which can now generate strong passwords for you (once you set Chrome as an autofill provider). Meanwhile, on Android, Google's password check can now also flag weak and re-used passwords and help you to automatically change them, while Chrome users across platforms will now see compromised password warnings.

At the end of 2008, Firefox was flying high. Twenty percent of the 1.5 billion people online were using Mozilla's browser to navigate the web. In Indonesia, Macedonia, and Slovenia, more than half of everyone going online was using Firefox. "Our market share in the regions above has been growing like crazy," Ken Kovash, Mozilla's data analytics team manager at the time, wrote in a blog post. Almost 15 years later, things aren't so rosy. From a report: Across all devices, the browser has slid to less than 4 percent of the market -- on mobile it's a measly half a percent. "Looking back five years and looking at our market share and our own numbers that we publish, there's no denying the decline," says Selena Deckelmann, senior vice president of Firefox. Mozilla's own statistics show a drop of around 30 million monthly active users from the start of 2019 to the start of 2022. "In the last couple years, what we've seen is actually a pretty substantial flattening," Deckelmann adds.

In the two decades since Firefox launched from the shadows of Netscape, it has been key to shaping the web's privacy and security, with staff pushing for more openness online and better standards. But its market share decline was accompanied by two rounds of layoffs at Mozilla during 2020. Next year, its lucrative search deal with Google -- responsible for the vast majority of its revenue -- is set to expire. A spate of privacy-focused browsers now compete on its turf, while new-feature misfires have threatened to alienate its base. All that has left industry analysts and former employees concerned about Firefox's future. Its fate also has larger implications for the web as a whole. For years, it was the best contender for keeping Google Chrome in check, offering a privacy-forward alternative to the world's most dominant browser.

Two years ago a college sophomore started "the Log Off movement." This week the New York Times explored its progress — starting with how their mission's been affected by negative news stories about social media: "The first article I read that really launched me into it was Have Smartphones Destroyed a Generation. I found study after study showing the possible correlation between increased rates of anxiety, suicide rates and eating disorders tracking alongside increased rates of usage... The most powerful thing to me was not the studies. It was the fact that personal stories were not being told and there was not an epicenter where people could come together and say: "Here's my personal experience." "Here's how I was harmed." "These were the accounts that made me feel worse about myself." I knew that was necessary. The genie's out of the bottle.

As members of Gen Z, we understand that there are positive attributes and there are negative attributes to social media, but right now, in its current usage, it can be really harmful.

Q: How does the Log Off Movement address these issues?

Through our podcast, a leadership council, an educational curriculum on how to use online spaces safely and blogs, we are discussing ways we can move forward with technology and allow it to become a tool again rather than a controller.

What we are asking for teens to do is to be comfortable talking about their experiences so that we can educate legislators to understand a Gen Z perspective, what we need from technology, what privacy concerns we're having, what mental health concerns we're having. We have an advocacy initiative through Tech[nically] Politics, which pushes for laws that help ensure teens have a safe online experience, specifically the California Age Appropriate Design Code Bill....

Q: How have you adjusted your own relationship to social media? What methods have worked?

Whenever I go through a stressful period with exams, I delete Instagram. I know that in periods of stress, I'm going to lean towards mindlessly using it as a form of coping. Another thing that's worked for me is Grayscale, which makes the phone appear only in black and white.

I always suggest Screentime Genie, which provides solutions on how to limit screen time. I use Habit Lab for Chrome, which helps you reduce your time online. It creates a level of friction between you and addictive technology.
One app they still enjoy is BeReal (which notifies you and your friends to take an unstaged picture of what you're genuinely doing at one randomly-chosen moment each day). But the group's founder still remembers the "horrific loop" of using social media apps six hours a day (starting with Instagram at the age of 12) — and "feeling as though I could not stop scrolling because it has this weird power over me..." One teenager who'd spent six hours a day on social media later shared their observation that logging off improved their vision — but also made the world more clear mentally.

The group's founder says the ultimate hope is their project "results in a kind of pivot prioritizing the well-being of users in these online environments."

From the MacRumors blog earlier this week: Germany's Federal Cartel Office, the Bundeskartellamt, has initiated proceedings against Apple to investigate whether its tracking rules and anti-tracking technology are anti-competitive and self-serving, according to a press release. The proceeding announced will review under competition law Apple's tracking rules and specifically its App Tracking Transparency Framework (ATT) in order to ascertain whether they are self-preferencing Apple or being an impediment to third-party apps...

Introduced in April 2021 with the release of iOS 14.5 and iPadOS 14.5, Apple's App Tracking Transparency Framework requires that all apps on âOEiPhoneâOE and âOEiPadâOE ask for the user's consent before tracking their activity across other apps. Apps that wish to track a user based on their device's unique advertising identifier can only do so if the user allows it when prompted.

Apple said the feature was designed to protect users and not to advantage the company... Earlier this year it commissioned a study into the impact of ATT that was conducted by Columbia Business School's Marketing Division. The study concluded that Apple was unlikely to have seen a significant financial benefit since the privacy feature launched, and that claims to the contrary were speculative and lacked supporting evidence.
The technology/Apple blog Daring Fireball offers its own hot take: In Germany, big publishing companies like Axel Springer are pushing back against Google's stated plans to remove third-party cookie support from Chrome. The notion that if a company has built a business model on top of privacy-invasive surveillance advertising, they have a right to continue doing so, seems to have taken particular root in Germany. I'll go back to my analogy: it's like pawn shops suing to keep the police from cracking down on a wave of burglaries....

The Bundeskartellamt perspective here completely disregards the idea that surveillance advertising is inherently unethical and Apple has studiously avoided it for that reason, despite the fact that it has proven to be wildly profitable for large platforms. Apple could have made an enormous amount of money selling privacy-invasive ads on iOS, but opted not to.

It's finally happening. Microsoft will be ending support for most versions of its Internet Explorer (IE) 11 browser on June 15. ZDNet: Microsoft announced more than a year ago that IE would be removed from most versions of Windows 10 this year and has spent months encouraging customers to get ready by proactively retiring the browser from their organizations. IE 11 will be retired for Windows 10 client SKUs (version 20H2 and later) and Windows 10 IoT (version 20H2 and later). Products not affected by this retirement include IE Mode in Edge; IE 11 desktop on Windows 8.1, Windows 7 (with Extended Security Updates), Windows Server LTSC (all versions), Windows Server 2022, Windows 10 client LTSC (all versions), Windows 10 IoT LTSC (all versions). The IE 11 desktop app is not available on Windows 11, as Edge is the default browser for Windows 11. IE Mode in Microsoft Edge will be supported through at least 2029 to give web developers eight years to modernize legacy apps and eventually remove the need for IE mode, officials have said. According to Net Applications, a web monitoring tool, Internet Explorer still has a market share of 5.21% on desktops and laptops, far behind Chrome at over 69%, to be sure, but still ahead of Apple's Safari, which commands 3.73% market share.

The UK's Competition and Markets Authority (CMA) has concluded that Google and Apple "hold all the cards" when it comes to mobile phones a year after taking a closer look at their "duopoly." It's now consulting on the launch of a market investigation into the tech giants' market power in mobile browsers, as well as into Apple's cloud gaming restrictions. From a report: In addition, the CMA has launched a separate investigation into Google's Play Store rules -- the one that requires certain app developers to use the tech giant's payment system for in-app purchases, in particular. The CMA has concluded after its year-long study that the tech giants do indeed exhibit an "effective duopoly" on mobile ecosystems. A total of 97 percent of all mobile web browsing in the UK is powered by Apple's and Google's browser engines. iPhones and Android devices typically come with Safari and Chrome pre-installed, which means their browsers have the advantage from the start. Further, Apple requires developers to make sure their iOS and iPadOS apps are using its WebKit engine to browse the web. That limits the incentives Apple may have to invest in Safari, the CMA said.

Google today announced a set of new and updated security features for Chrome, almost all of which rely on machine learning (ML) models, as well as a couple of nifty new ML-based features that aim to make browsing the web a bit easier, including a new feature that will suppress notification permission prompts when its algorithm thinks you're unlikely to accept them. From a report: Starting with the next version of Chrome, Google will introduce a new ML model that will silence many of these notification permission prompts. And the sooner the better. At this point, they have mostly become a nuisance. Even if there are some sites -- and those are mostly news sites -- that may offer some value in their notifications, I can't remember the last time I accepted one on purpose. Also, while legitimate sites love to push web notifications to remind readers of their existence, attackers can also use them to send phishing attacks or prompt users to download malware if they get users to give them permission. "On the one hand, page notifications help deliver updates from sites you care about; on the other hand, notification permission prompts can become a nuisance," Google admits in its blog post today. The company's new ML model will now look for prompts that users are likely to ignore and block them automatically. And as a bonus, all of that is happening on your local machine, so none of your browsing data makes it onto Google's servers.

"C++ allows for writing high-performance applications but this comes at a price, security..." So says Google's Chrome security team in a recent blog post, adding that in general, "While there is appetite for different languages than C++ with stronger memory safety guarantees, large codebases such as Chromium will use C++ for the foreseeable future."

So the post discusses "our journey of using heap scanning technologies to improve memory safety of C++." The basic idea is to put explicitly freed memory into quarantine and only make it available when a certain safety condition is reached. Microsoft has shipped versions of this mitigation in its browsers: MemoryProtector in Internet Explorer in 2014 and its successor MemGC in (pre-Chromium) Edge in 2015. In the Linux kernel a probabilistic approach was used where memory was eventually just recycled. And this approach has seen attention in academia in recent years with the MarkUs paper. The rest of this article summarizes our journey of experimenting with quarantines and heap scanning in Chrome.
In essence the C++ memory allocator (used by new and delete) is "intercepted." There are various hardening options which come with a performance cost:


- Overwrite the quarantined memory with special values (e.g. zero);

- Stop all application threads when the scan is running or scan the heap concurrently;

- Intercept memory writes (e.g. by page protection) to catch pointer updates;

- Scan memory word by word for possible pointers (conservative handling) or provide descriptors for objects (precise handling);

- Segregation of application memory in safe and unsafe partitions to opt-out certain objects which are either performance sensitive or can be statically proven as being safe to skip;

- Scan the execution stack in addition to just scanning heap memory...


Running our basic version on Speedometer2 regresses the total score by 8%. Bummer...

To reduce the regression we implemented various optimizations that improve the raw scanning speed. Naturally, the fastest way to scan memory is to not scan it at all and so we partitioned the heap into two classes: memory that can contain pointers and memory that we can statically prove to not contain pointers, e.g. strings. We avoid scanning memory that cannot contain any pointers. Note that such memory is still part of the quarantine, it is just not scanned....

[That and other] optimizations helped to reduce the Speedometer2 regression from 8% down to 2%.
Thanks to Slashdot reader Hari Pota for sharing the link

An anonymous reader quotes a report from Ars Technica: Apple's Safari web browser has more than 1 billion users, according to an estimate by Atlas VPN. Only one other browser has more than a billion users, and that's Google's Chrome. But at nearly 3.4 billion, Chrome still leaves Safari in the dust. It's important to note that these numbers include mobile users, not just desktop users. Likely, Safari's status as the default browser for both the iPhone and iPad plays a much bigger role than its usage on the Mac. Still, it's impressive given that Safari is the only major web browser not available on Android, which is the world's most popular mobile operating system, or Windows, the most popular desktop OS. "The statistics are based on the GlobalStats browser market share percentage, which was then converted into numbers using the Internet World Stats internet user metric to retrieve the exact numbers," explains Atlas VPN in a blog post.

This week Google began a rolling release for stable Chrome version 102 "with 32 security fixes for browser on Windows, Mac and Linux," reports ZDNet: Chrome 102 for the desktop includes 32 security fixes reported to Google by external researchers. There's one critical flaw, while eight are high severity, nine are medium severity, and seven are low severity. Google also creates other fixes for issues found through internal testing...

The critical flaw, labelled as CVE-2022-1853, is a 'use after free in IndexedDB', an interface for applications to store data in a user's browser.... "My guess is that an attacker could construct a specially crafted website and take over the visitor's browser by manipulating the IndexedDB," says Pieter Arntz, a malware intelligence researcher at Malwarebytes. None of the flaws fixed in this Chrome 102 stable release were zero days, meaning flaws that were exploited before Google released a patch for it.

Google's Project Zero (GPZ) team last year counted 58 zero-day exploits for popular software in 2021. Twenty-five of these were in browsers, of which 14 affected Chrome. Google engineers argue zero-day counts are rising because vendors are improving detection, fixes and disclosure. However, GPZ researchers argue the industry as a whole is not making zero days hard enough for attackers, who often rely on tweaking existing flaws rather than being forced to conjure up entirely new exploitation methods.
Linux/Mac/Windows users of Chrome can check Help/About to see if the update has already rolled out to their system — or if they need to update manually.

Google is highlighting how Chromebooks can work in "zero trust" corporate environments with its new Chrome Enterprise Connectors Framework. From a report: The new integration system is designed to make the Chrome browser and Chrome OS devices easier for IT departments to implement with existing security, endpoint, and authentication solutions as well as bother management solutions. Google Chrome OS exec John Solomon describes the new tools as a "plug and play" solution that lets other companies helm Chrome OS management functions like remote-wiping a Chromebook using BlackBerry Unified Endpoint Management or flagging malware downloads with Splunk. These types of management functions previously worked through the Google Admin console. Managing and enrolling Chrome OS devices in the enterprise will still rely on Google tools like Google Admin and Chrome Browser Cloud Management. But new tools like Chrome OS Data Controls give enterprises more options to allow or lock down actions like printing, screen capture, copy / paste, and other potential data loss situations. It might even give IT a better handle on buggy Chrome OS updates and is currently available through the Trusted Tester program.

GameStop said on Monday it has launched a digital asset wallet that will allow gamers to store, send and receive cryptocurrencies and nonfungible tokens. From a report: The digital wallet will be able to be used across decentralized apps, which run on a blockchain and aren't controlled by a central authority, without players having to leave their web browsers, the company said in a statement. The GameStop wallet is a self-custodial Ethereum wallet, meaning the user controls the keys to their assets, not a third party. The wallet extension can be downloaded from Google's Chrome web store and will allow transactions on GameStop's NFT marketplace, which is expected to launch in the second quarter of the company's fiscal year.

AMD announced the Ryzen 5000 C-series for Chromebooks today. "The top chip in the series has eight of AMD's Zen 3 cores, giving systems that use it more x86 CPU cores than any other Chromebook," reports Ars Technica. From the report: The 7nm Ryzen 5000 C-series ranges from the Ryzen 3 5125C with two Zen 3 cores and a base and boost clock speed of 3 GHz, up to the Ryzen 7 5825C with eight cores and a base clock speed of 2 GHz that can boost to 4.5 GHz. For comparison, Intel's Core i7-1185G7, found in some higher end Chromebooks, has four cores and a base clock speed of 3 GHz that can boost to 4.8 GHz.

On their own, the chips aren't that exciting. They seemingly offer similar performance to the already-released Ryzen 5000 U-series chips. The Ryzen 5000 C-series also uses years-old Vega integrated graphics rather than the upgraded RDNA 2 found in Ryzen 6000 mobile chips, which, upon release, AMD said are "up to 2.1 times faster." But for someone who's constantly pushing their Chromebook to do more than just open a Chrome tab or two, the chips bring potentially elevated performance than what's currently available.

Microsoft Edge has overtaken Apple's Safari to become the world's second most popular desktop browser, based on data provided by web analytics service StatCounter. MacRumors reports: According to the data, Microsoft Edge is now used on 10.07 percent of desktop computers worldwide, 0.46 percent ahead of Safari, which stands at 9.61 percent. Google Chrome remains in first place with a dominant 66.64 percent share, and Mozilla's Firefox stands in fourth with 7.86 percent. As the default Windows 11 browser, the popularity of Edge has crept up in recent months, with the first concrete signs that it would surpass Safari to take second place coming in February, when it was used on 9.54 percent of desktops globally. Back in January 2021, Safari held a 10.38 percent market share, indicating a gradual slippage in popularity over the last 14 months.

Meanwhile, first-placed Chrome has seen its user base increase incrementally over that time, but perhaps surprisingly, Firefox has leaked users since the beginning of the year, despite regular updates and improvements. That suggests Safari's hold on third place isn't in immediate danger, having lost only 0.23 percent share since February, but things could always change fast if Apple decides to introduce sweeping changes to the way Safari works in macOS 13 later this year. It's a different story when it comes to mobile platforms, notes MacRumors. "In StatCounter's analysis, Edge doesn't even make it into the top six browsers on mobile, but first-placed Chrome commands 62.87 of usage share, with Safari on iPhones and iPads taking a comfortable 25.35 percent in second place, 20.65 percent ahead of third-placed Samsung Internet, with 4.9 percent."

vm shares the blogpost of Mozilla releasing Firefox 100, and outlines some of thoughts: Out of the ashes of Netscape/AOL, Firebird rose as a promising new browser. A significant name change and a hundred releases later, Firefox 100 is still the underdog that keeps on fighting. With my mounting annoyance at all the Google services underpinning Chrome, I've since discovered and used Ungoogled Chromium, Waterfox, LibreWolf, and a handful of other lesser known spins on Chrome or Firefox. On mobile, Brave really does the best job at ad blocking whether you're on iOS or Android but the Mozilla Foundations is probably still the largest dev group fighting the good fight when it comes to both privacy and security enhancements.That's not to say that the Chromium team isn't security savvy -- I only wish they were just a little less Google. Anyhow, tell us about your favorite browser in the comments and have a look at Mozilla's latest release while you're at it.

Hot Hardware warns that on Tuesday, the Stable Channel for Chrome's desktop edition "had an update on April 26, 2022. That update includes 30 security fixes, some of them so bad that Google is urging all users to update immediately." The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux has a long list of bug fixes; you can view it here. However, there's also a key statement in that page.

"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed...."

Effectively the the non-developer translation of the quote above is that something so significant was found, the details are being kept hidden.

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.
Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."

Europe's Digital Markets Act -- near-finalized legislation to tame the internet's gatekeepers -- contains language squarely aimed at ending Apple's iOS browser restrictions. The Register reports: The Register has received a copy of unpublished changes in the proposed act, and among the various adjustments to the draft agreement is the explicit recognition of "web browser engines" as a service that should be protected from anti-competitive gatekeeper-imposed limitations. Apple requires that competing mobile browsers distributed through the iOS App Store use its own WebKit rendering engine, which is the basis of its Safari browser. The result is that Chrome, Edge, and Firefox on iOS are all, more or less, Safari.

That requirement has been a sore spot for years among rivals like Google, Mozilla, and Microsoft. They could not compete on iOS through product differentiation because their mobile browsers had to rely on WebKit rather than their own competing engines. And Apple's browser engine requirement has vexed web developers, who have been limited to using only the web APIs implemented in WebKit for their web apps. Many believe this barrier serves to steer developers toward native iOS app development, which Apple controls.

The extent to which Apple profits from the status quo has prompted regulatory scrutiny in Europe, the UK, the US, and elsewhere. [...] Now those efforts have been translated into the text of the DMA, which, alongside the Digital Services Act (DSA), defines how large technology gatekeepers will be governed in Europe. [...] In short, when the DMA takes effect in 2024, it appears that Apple will be required to allow browser competition on iOS devices. "The potential for a capable web has been all but extinguished on mobile because Apple has successfully prevented it until now," said Alex Russell, partner program manager on Microsoft Edge who worked previously as Google Chrome's first web standards tech lead. "Businesses and services will be able to avoid building 'apps' entirely when enough users have capable browsers."

"There's a long road between here and there," he added. "Apple has spent enormous amounts to lobby on this, and they aren't stupid. Everyone should expect them to continue to play games along the lines of what they tried in Denmark and South Korea."

The Volla Phone 22, a new smartphone available for preorder via a Kickstarter campaign, is unlike any other smartphone on the market today in that it ships with a choice of the Android-based Volla OS or the Ubuntu Touch mobile Linux distribution. "It also supports multi-boot functionality, allowing you to install more than one operating system and choose which to run at startup," writes Liliputing's Brad Linder. Some of the hardware specs include a 6.3-inch FHD+ display, a MediaTek Helio G85 processor, 4GB of RAM, 128GB storage, 3.5mm audio jack and a microSD card reader. There's also a 48-megapixel main camera sensor and replaceable 4,500mAh battery. From the report: While Volla works with the folks at UBPorts to ensure its phones are compatible with Ubuntu Touch, the company develops the Android-based Volla OS in-house. It's based on Google's Android Open Source Project code, but includes a custom launcher, user interface, and set of apps with an emphasis on privacy. The Google Play Store is not included, as this is a phone aimed at folks who want to minimize tracking from big tech companies. Other Google apps and services like the Chrome web browser, Google Maps, Google Drive, and Gmail are also omitted. The upshot is that no user data is collected or stored by Volla, Google, or other companies unless you decide to install apps that track your data. Of course, that could make using the phone a little less convenient if you've come to rely on those apps, so the Volla Phone might not be the best choice for everyone.

Volla OS also has a built-in user-customizable firewall, an App Locker feature for disabling and hiding apps, and optional support for using the Hide.me VPN for anonymous internet usage. The source code for Volla OS is also available for anyone that wants to inspect the code. The operating system also has a custom user interface including a Springboard that allows you to quickly launch frequently-used apps by pressing a red dot for a list, or by starting to type in a search box for automatic suggestions such as placing a phone call, sending a text message, or opening a web page. You can also create notes or calendar events from the Springboard or send an encrypted message with Signal. The phone is expected to ship in June at an early bird price of about $408.

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. From a report: The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi. It is the third such emergency update Google has had to issue for Chrome this year. One of the flaws is a type confusion vulnerability tracked as CVE-2022-1364, a high-severity, zero-day bug that is actively being used by attackers. With a type confusion flaw, a program will allocate a resource like a pointer or object using one type but later will access the resource using another, incompatible type. In some languages, like C and C++, the vulnerability can result in out-of-bounds memory access. This incompatibility can cause a browser to crash or trigger logical errors. However, if exploited, it could enable a hacker to execute arbitrary code.