GoogleがChrome 149.0.7827.53を安定版として公開し、429件の脆弱性を修正した。修正対象には22件の重大（Critical）な脆弱性が含まれ、Windows、macOS、Linux、iOS版Chromeに影響する。Googleは悪用防止のため、詳細情報の公開を制限している。 修正はブラウザーエンジン、GPU、グラフィックス、ネットワーク、メディア処理、Autofill、Password Manager、DevTools、WebView、Chrome for iOSなど幅広いコンポーネントに及ぶ。 重大な脆弱性には、ANGLEの境界外読み書き（CVE-2026-10881、CVE-2026-10883）、GPUのスタックバッファオーバーフロー（CVE-2026-10898）が含まれる。また、Network、Chromecast、Cast Streaming、Chromoting、Printing、FileSystem、GFX、Ozone、Chrome for iOS、Passwordsなどで複数のUse-After-Free脆弱性が修正された。 このほか、V8、WebRTC、WebAuthentication、Audio、Network、FileSystem、DevTools、Mediaなどで高危険度の脆弱性が修正されている。中危険度の脆弱性についても、入力検証の不備やポリシー回避、不適切なセキュリティUIなど多数の問題が解消された。 GoogleはAddressSanitizerやMemorySanitizer、libFuzzer、AFLなどのテストツールを活用して問題を発見したとしている。 cybersecuritynews.com/chrome…

Some keywords @MarshallHayner highlighted before it was “cool” & even frowned upon,once upon a time in the industry. -Decentralized onchain digital ID -AML/BSA compliance/KYC -WebAuthentication -Decentralized exchanges -On chain voting/Governance -Empowering credit unions

PasskeyのAutomatic Passkey Upgradesについて "Passkeys iOS 18: Automatic Passkey Creation & Upgrades" corbado.com/blog/ios-18-pass… #password #WebAuthentication #article

Apple's Passkeys are a passwordless sign-in technology designed to replace traditional passwords, offering enhanced security and convenience. They are built on the WebAuthentication (WebAuthn)standard and utilize public-key cryptography, generating unique cryptographic key pairs for each account. This eliminates the need to remember or manage passwords, as login is achieved through biometric authentication (like Touch ID or Face ID) or device PINs.

It’s safe. All transactions happen through webauthentication. You can logout after using it :)

Critical vulnerability (CVE-2024-9956) in Chrome’s WebAuthn on Android allowed attackers to hijack PassKeys via Bluetooth. The vulnerability stemmed from an improper implementation in Chrome’s WebAuthentication API handling: offs.ec/4j9TcvP

#XPR ⚛️ Network is built for mainstream DeFi Banking - Stream Payments, Digital Identity/Kyc WebAuthentication @webauthwallet , Crypto Storage, Supply Chain tracking, Tokenization of Assets, Governance Dashboards (especially the #DOGE 🐕 dashboard voting on all matters on an unalterable ledger). The $XPR DAO already approved a $50m ($10b XPR) grant for @elonmusk to implement, a huge savings to the government. @DOGE With partnerships and integrations like FEDNOW, Jack Henry Fintech, Fiserv Payments, and Temenos, along with the acquisition of Bonifii connecting over 80 credit unions $XPR and $Metal Blockchain are connected to the American banking system. 🏦 Also XPR codebase has been rewritten to work as an AVM on a layer 0 $METAL. If you are familiar with Avax it's a fork of that with the power of XPR (prob. A-chain on Metal > THE ONLY BSA COMPLIANT LAYER 0! Banks will only partner with blockchains compliant with the Bank Secrecy Act, the financial system’s shield against bad actors and dirty money. In conclusion, $XPR Network and $Metal Blockchain are paving the way for the future of decentralized finance/banking. With fast transactions and focus on compliance. XPR can run the 🇺🇸 government. More here: @XPRNetwork @MetallicusTDBN @MetalXApp @webauthwallet @MetalBlockchain

Web3 enables us to introduce newer infrastructure primitives to existing web technologies in a decentralized way Here’s how @eigencloud can be used to compute & verify challenges for webauthentication (passkeys) through a verifier AVS. w̶e̶b̶3̶ w̶e̶b̶2̶ web. its cleaner.

Day 65, focused on important concepts related to web authentication and session management.I explored Session, Cookie, JWT, Token, SSO, and OAuth 2.0 with a comprehensive diagram! 📊#WebAuthentication #SessionManagement #OAuth2 #JWT #Cookies #SSO #WebDevelopment #100DaysOfCode

WebAuthnのチュートリアル "はじめての WebAuthn" developers.google.com/codela… #WebAuthentication #tutorial

Metallicus will also deploy a suite of innovative solutions for the Superchain, including a WebAuthentication (Webauthn) wallet with WebAuth.com, decentralized on-chain identity (DID) with Metal Identity, and a reserve-backed stablecoin index with Metal Dollar (XMD).

Diving into @Metal_L2? Get prepared with WebAuth. The OG WebAuthentication Wallet. WebAuth.com

📰 curiosity (didn't) killed the cat Passkey su EEF eff.org/deeplinks/2023/10/wh… Proton Pass e Passkeys proton.me/support/pass-use-p… proton.me/blog/what-is-a-pas… proton.me/support/use-pass-w… WebAuthentication en.wikipedia.org/wiki/WebAut… Fido Alliance fidoalliance.org/

3️⃣ sicurezza Le passkeys si basano sullo standard WebAuthentication, utilizzando la crittografia a chiave pubblica. Nel processo di creazione tramite Password Manager, vengono generate due chiavi: la chiave pubblica (che resta sul server del sito al quale si vorrà fare l'accesso) e la chiave privata (che rimane sul dispositivo); la coppia di chiavi è univoca, matematicamente correlata e non duplicabile. Quando dovremo effettuare l'accesso al sito, viene inviata una richiesta di autenticazione: la chiave privata risolve il challenge di autenticazione ed invia la risposta. Il server verifica la corrispondenza tra la chiave pubblica in suo possesso e la risposta della chiave privata ed autorizza l'accesso. Uno degli entry point più comuni per accedere ai sistemi è sempre il #phishing o il #socialengineering, metodi con i quali è possibile carpire informazioni sensibili utili a recuperare credenziali di accesso. Le passkey sono resistenti a questo tipo di attacco. Il downside, ovviamente, è perdere completamente l'accesso al gestore di passkey.

(poll) Are you using WebAuthentication (WebAuthn) to accept passkey login (TouchID, FaceID, etc) from users on your site/webapp?

今日記事を書くならFIDOって入れとかないと！ Keycloak で試す WebAuthentication (WebAuthn) x OpenID Connect (OIDC)｜56 zenn.dev/kg0r0/articles/972c… #zenn

Keycloak で試す WebAuthentication (WebAuthn) x OpenID Connect (OIDC)｜56 zenn.dev/kg0r0/articles/972c… #zenn

$XPR ⚛️ @XPRNetwork #WebAuthentication #DID #KYC #AML #AcquiringBank #BuiltForTraders #InstantTransactions #ZeroGasFees #BuiltForFinance #Lending #BlockchainForEveryone ⚛️ $XPR $METAL $LOAN $MTL $XMD #IYKYK 🚀