Find notable cyber news and cases, enriched with sources, timelines, and signals.

Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout

Security Tool/Service
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

Mozilla Firefox 149 now includes a built-in VPN tool that adds browser-level privacy protection and can help hide a user's location and IP address while browsing. The feature provides up to 50 GB per month for Mozilla account users and is rolling out first to users in the U.S., UK, Germany, and France. It matters because the control is built into the browser, can be enabled for specific websites, and is positioned to reduce exposure during public Wi‑Fi and other sensitive browsing sessions.

Related Happenings

FROST browser SSD timing side channel via OPFS

Technical Analysis
H score16 First: 09.06.2026 12:50 Last: 09.06.2026 12:50 Sources 1

About this happening: **FROST** turns **browser storage timing** into a **remote SSD side channel** that can identify which **sites** a user visits and which **apps** they open. The technique runs insi...

108 Malicious Google Chrome extensions sharing a C2 backend

Malware Activity
H score11 First: 14.04.2026 11:35 Last: 14.04.2026 11:35 Sources 1

About this happening: **108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...

Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft

Security Tool/Service
H score11 First: 09.04.2026 21:33 Last: 09.04.2026 21:33 Sources 1

About this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...

QuickLens and ShotBird malicious Chrome extension update chain

Malware Activity
H score34 First: 09.03.2026 12:28 Last: 09.03.2026 12:28 Sources 1

About this happening: The **QuickLens** and **ShotBird** Chrome extensions have become **malicious after ownership transfer**, turning trusted add-ons into a delivery path for code injection and data t...

Firefox JIT miscompilation in JavaScript WebAssembly security flaw (CVE-2026-2796)

Vulnerability
H score39 First: 07.03.2026 13:21 Last: 07.03.2026 13:21 Sources 1

About this happening: **Firefox 148** now addresses **CVE-2026-2796**, a **CVSS 9.8** **JIT miscompilation** in the **JavaScript WebAssembly component**, after **Anthropic** validated the flaw and show...

Timeline

  1. 24.03.2026 19:23 2 articles · 3mo ago

    Mozilla discloses Firefox 149 built-in VPN rollout

    Initial Disclosure

    Mozilla released Firefox 149 with a built-in VPN privacy control that routes only browser traffic through a secure proxy, can hide location and IP address, and gives Mozilla account users up to 50 GB of monthly traffic while the rollout begins in the U.S., UK, Germany, and France.

    Show sources