Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Bleeping Computer

Chrome Extension Protects Against JavaScript-Based CPU Side-Channel Attacks

A team of academics has created a Chrome extension that can block side-channel attacks that use JavaScript code to leak data from a computer's RAM or CPU. The extension's name is Chrome Zero and is ...