April 26, 2011

Browser vulnerabilities

Within the last week every major browser has had numerous vulnerabilities released, from CSS trickery to DOM/JavaScript overflows.

At first I was shocked at the sheer amount of vulnerabilities until I remembered my time as a commercial developer. Every vendor is competing to get more features out the door before the other guys do. Code auditing and reviews are either done hastily at the end of the production run or are an expendable portion of the development life-cycle that can get thrown out if timelines become tight. “Build now, debug later!”

I would normally /yawn at the news, but this time it is getting a bit more dangerous. WordPress and other site-building software have become targets of attack, primarily to inject browser exploits and all kinds of malware nastiness. The Chinese “Night Dragon” attacks are infiltrating thousands of websites and injecting browser exploits everywhere as well. The “Black Hole” malware kit has been updated to use these exploits, allowing any 12-year-old with some extra time on their hands to publish these attacks anywhere they want. And to top it off, not all of the browsers have patches available to fix these holes, which only extends the useful timespan of these exploits.

Since it can take months for these sites to get patched/cleaned, it is down to the individual web surfer to keep their browser patches up to date.