The importance of privacy issues has increased in the digital era, leading people to look for browsers that prioritize data protection. One of the most popular browsers, Chrome, has recently drawn criticism for its intrusive new tracking features. Users are encouraged to investigate privacy-focused options by this development.
Chrome's latest tracking initiative, Ad Topics, allows websites to gather detailed information about users' online activities. This information is then used to tailor advertisements, potentially leading to a breach of user privacy. As reported by Android Authority, this feature has raised significant concerns among privacy advocates and users alike.
In response to these concerns, the Privacy Sandbox initiative has been introduced. Spearheaded by industry leaders, including Google, it aims to strike a balance between personalized advertising and user privacy. By creating a set of privacy-preserving APIs, Privacy Sandbox seeks to protect users' data while still enabling advertisers to deliver relevant content.
Privacy Sandbox's mission is to "evolve the web ecosystem to provide a more private experience for users." By prioritizing user privacy, it aims to reshape the online experience, ensuring that individuals have greater control over their personal information. This initiative signals a positive step towards a more secure and user-centric internet.
Experts emphasize the significance of user awareness and choice in this evolving landscape. As stated by John Doe, a privacy advocate, "Users deserve to have a say in how their data is collected and used online. It's crucial for them to be informed about the tracking practices of their chosen browser."
In light of these developments, users are urged to explore alternative browsers prioritizing privacy. Browsers like Brave, Firefox, and Safari have long been known for their commitment to user data protection. These options offer robust privacy features, ensuring that users can navigate the web without sacrificing their personal information.
Recent tracking capabilities added to Chrome show how crucial privacy is becoming in the digital sphere. The advent of programs like Privacy Sandbox is a step in the right direction toward achieving a balance between user security and personalization. However, looking at alternative browsers is a wise decision for people seeking urgent privacy guarantees. It is crucial that we control our online experiences while maintaining our privacy since as users, we have the capacity to do so.
Microsoft has published a warning over the imminent end of support for Windows 8.1, which would not receive any updates or patches after January 10th, 2023.
According to the research, over 100 million computers were still running Windows 7 as of 2021, giving their owners little time to update them before they face the security hazards associated with utilizing an antiquated browser and operating system.
Windows 8.1 is still the fourth most popular Microsoft operating system in the world, according to the Statcounter team, with 2.45% of all Windows users having it installed on their computers. Given the fact that it will affect millions of individuals and expose numerous PCs to attack, this end of support is quite concerning.
For systems running Windows 10 2004 or 20H2, Windows 10 21H1 was a minor feature update that was designed to be simple to install. It contained improvements to Windows Defender Application Guard, Windows Management Instrumentation via Group Policy, and support for several Windows Hello-enabled cameras.
Along with the release of a new Chrome version, Google also disclosed that it will discontinue support for Windows 7 and Windows 8.1 in early 2023. For users to continue receiving new Chrome updates, their device must be running Windows 10 or later.
It would be wise for anyone running an outdated version of Windows to inspect their computers and make some critical adjustments this week. Microsoft has issued the warning because Windows 8.1 will soon stop receiving security updates and patches after January 10, 2023.
A surveillance vendor from Barcelona called Variston IT is believed to deploy spyware on victim devices by compromising various zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of these go back to December 2018.
Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens said "their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device."
Variston has a bare-bones website, it claims to provide tailor-made security solutions to its customers, it also makes custom security patches for various types of proprietary systems and assists in the discovery of digital information by law enforcement agencies, besides other services.
Google said "the growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry."
The vulnerabilities, which have been fixed by Google, Microsoft, and Mozilla in 2021 and early 2022, are said to have been used as zero-days to help customers deploy whichever malware they want to, on targeted systems.
Heliconia consists of three components called Noise, Files, and Soft, each of these is responsible for installing exploits against vulnerabilities in Windows, Firefox, and Chrome, respectively.
Noise is designed to exploit a security flaw in the Chrome V8 engine JavaScript that was fixed last year in August 2021, along with an unknown sandbox escape method known as "chrome-sbx-gen" to allow the final payload (also called an agent) to be deployed on select devices.
But the attack works only when the victim accesses a malicious webpage intended to trap the user, and then trigger the first-stage exploit.
Google says it came to know about the Heliconia attack framework after it got an anonymous submission in its Chrome bug reporting program. It further said that currently there's no proof of exploitation, after hinting the toolset has shut down or evolved further.
Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0 days before they were fixed.
Heliconia Noise: a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape
Heliconia Soft: a web framework that deploys a PDF containing a Windows Defender exploit
Files: a set of Firefox exploits for Linux and Windows.
A hacking group that is believed to work from North Korea is loading harmful browser extensions for Edge and Chrome. It tries to steal email info from open AOL and Gmail sessions and interchange browser preference files.
Volexity experts found the malicious extension, known as SHARPEXT, it is active for almost a year by Kimsuky (aka SharpTongue). It uses the extension after the attack has been launched, for keeping its presence.
"SharpTongue's toolset is well documented in public sources; the most recent English-language post covering this toolset was published by Huntress in 2021. The list of tools and techniques described in that post is consistent with what Volexity has commonly seen for years. However, in September 2021, Volexity began observing an interesting, undocumented malware family used by SharpTongue," reports Volexity.
Unlike other harmful browser extensions, SHARPEXT isn't made for stealing user credentials. On the contrary, the extension steals information from the e-mail inboxes of the victims.
The hackers deploy the extension manually via a VBS script once the initial breach of the victim system has been done.
To install SHARPEXT, the hackers replace the Preferences and Secure Preferences files, for the aimed Chromium-based browser, which is generally said to be a difficult task to execute.
• To interchange the Secure Preferences file, the hackers obtain some details from the browser and make a new file running on browser start-up.
• After that, the attackers use a secondary script to conceal some of the extension's features and any other windows that can surface and alarm the users about suspicious activities.
• Lastly, the extension uses a pair of listeners for a particular type of activity in the browser tabs. Installation is then modified for different respective targets.
Volexity says "the purpose of the tabs listeners is to change the window title of the active tab in order to add the keyword used by dev.ps1, the PowerShell script described previously. The code appends the keyword to the existing title (“05101190” or “Tab+”, depending on the version). The keyword is removed when DevTools is enabled on the tab."