Researcher Mariusz Mlynski found and disclosed four high-severity vulnerabilities in Chrome’s Blink rendering engine, earning himself $32,000 through the Chrome Rewards program.
Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.
Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.
Microsoft said that with the release of the Windows 10 Anniversary Update this summer, its IE and Edge browsers would no longer display the lock icon for websites using SHA-1 signed certificates.
Mozilla warns Firefox users that the browser’s rejection of new SHA-1 certificates is keeping some users behind security scanners and antivirus software from reaching HTTPS sites.
Facebook has put developers on notice that as of Oct. 1, apps that do not support SHA-2 will no longer connect to its network.