Google Disables 30 Million Chrome User Cookies


Eliminating Cookies: Google's Next Plan

Google has been planning to get rid of third-party cookies for years, and today is the first of many planned quiet steps toward that goal. As of this morning, Chrome has disabled third-party cookies for about 30 million users, roughly 1% of the total. Third-party cookies are scheduled to be gone from Chrome by the end of the year, sort of.

Cookies are the original sin of the internet, according to privacy campaigners. For most of the internet's existence, cookies have been one of the main ways tech companies track your online activity: websites embed cookies from third-party companies (such as Google) for targeted advertising and many other kinds of tracking.

These are the "third-party cookies," and they are woven into the infrastructure of the internet. If you visited Gizmodo without an ad blocker or some other form of tracking protection, it probably set some on you.

By 2019, years of negative press about privacy violations by Google, Facebook and other internet companies had become so widespread that Silicon Valley was forced to respond.
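To make the first-party versus third-party distinction concrete, here is an added Python example, not code from the original article, that classifies a Set-Cookie response by whether Chrome would still accept it once third-party cookies are blocked. It compares the responding site with the top-level site using a deliberately tiny, constructed stand-in for the Public Suffix List, and treats the Partitioned attribute (CHIPS, Chrome's sanctioned per-site cookie partitioning, which the article does not mention) as the one cross-site case that survives. The sample page load at the bottom is constructed.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List; real code must load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "github.io"}


def registrable_domain(host: str) -> str:
    """Return the 'site' (eTLD+1) of a host, e.g. ads.example.co.uk -> example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # The label just before the public suffix is the registrable domain.
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


@dataclass
class SetCookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> SetCookie:
    """Minimal Set-Cookie parser: the first pair is name=value, the rest are attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return SetCookie(name.strip(), value.strip(), attrs)


def classify(set_cookie: str, response_url: str, top_level_url: str) -> str:
    """Classify a cookie set by response_url while the user is on top_level_url.

    Returns one of:
      'first-party'              same site as the page, unaffected by Tracking Protection
      'third-party-blocked'      cross-site cookie, refused once third-party cookies are off
      'third-party-partitioned'  cross-site but Partitioned (CHIPS): kept, keyed to the top-level site
    """
    cookie = parse_set_cookie(set_cookie)
    responding_site = registrable_domain(urlsplit(response_url).hostname)
    top_site = registrable_domain(urlsplit(top_level_url).hostname)
    if responding_site == top_site:
        return "first-party"
    # Partitioned is only honoured together with Secure and SameSite=None.
    partitioned = (
        "partitioned" in cookie.attrs
        and "secure" in cookie.attrs
        and str(cookie.attrs.get("samesite", "")).lower() == "none"
    )
    return "third-party-partitioned" if partitioned else "third-party-blocked"


def report(page_url: str, responses: list) -> dict:
    """Summarise every cookie a page load tries to set; responses are (url, Set-Cookie) pairs."""
    summary = {}
    for response_url, header in responses:
        summary[parse_set_cookie(header).name] = classify(header, response_url, page_url)
    return summary


if __name__ == "__main__":
    # Constructed sample page load: a first-party session cookie plus two ad-tech cookies.
    PAGE = "https://news.example.co.uk/story"
    RESPONSES = [
        ("https://news.example.co.uk/story", "session=abc123; Secure; HttpOnly; SameSite=Lax"),
        ("https://pixel.adtracker.com/i.gif", "uid=7f3a; SameSite=None; Secure"),
        ("https://embed.adtracker.com/w.js", "pref=dark; SameSite=None; Secure; Partitioned"),
    ]
    for name, verdict in report(PAGE, RESPONSES).items():
        print(f"{name:8s} {verdict}")
```

Running `report` against a page's real responses (captured from DevTools, for instance) is a quick way to see which cookies will stop arriving for a site once Tracking Protection is on for a visitor, which is exactly the breakage the article says to expect.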

Project: Removing third-party cookies from Chrome

Google announced a project to remove third-party cookies from Chrome. Google earns the great bulk of its revenue from tracking you and showing you ads online, and since Chrome is used by roughly 60% of internet users, Google dropping the technology effectively ends the third-party cookie for good.

The campaign began on January 4, 2024. Here's what you'll see if you're one of the 30 million people chosen to try a cookieless web.
How to determine whether Google disabled your cookies

The first sign is a pop-up in Chrome explaining the new feature, which Google calls "Tracking Protection." You might miss it if, like many of us, you dismiss pop-ups without reading whatever your computer wants to tell you.

There are other indicators you can check to make sure you are no longer having a ton of cookies dropped on you. If Tracking Protection is enabled, a small eye icon appears in the address bar.

If you want to let a particular website use third-party cookies, click that eye icon. You will probably need to, because this change is almost certain to break some websites. Chrome also ships new heuristics that can temporarily relax Tracking Protection for a site it detects is having trouble.

Finally, check your browser's settings. Under the "Privacy and security" section of Chrome's settings you'll find a set of toggles and controls for cookies. If they're all switched on and you don't remember changing them, you may be one of the lucky 30 million in Google's initial test phase.

Google is still tracking you, but it’s a little more private

Of course, Google isn't about to destroy its own business. Nor does it want to hurt every other company that makes money from ads, because Google is fighting numerous lawsuits from regulators who accuse it of running a monopoly on the internet.


Enhancing Online Privacy: Google Trials IP Address Masking Option

Google is refining a Privacy Sandbox proposal that was originally called Gnatcatcher and is now, more descriptively, named "IP Protection." It reintroduces a plan to hide users' IP addresses from certain third-party domains, so that those domains cannot use the address to follow a user's activity across sites.

An Internet Protocol (IP) address is the unique address a device is assigned when it joins a network. It identifies where the device sits on the network so that packets can be routed to it; without it, two computers could not exchange traffic. The same property makes it a tracking identifier: websites and online services log the IP addresses they see, and ad-tech builds profiles on them for targeted advertising. Unlike third-party cookies, which a user can clear or block in the browser, an IP address cannot be hidden without a third-party tool such as a VPN or proxy, which is what makes IP-based tracking a significant privacy concern.

Google's answer is to route Chrome's traffic to specific third-party domains through proxy servers, so that those domains see the proxy's IP address rather than the user's. IP addresses also matter for traffic routing, fraud prevention and other legitimate network functions, so the design is meant to keep those working while thwarting cross-site tracking. At first it only affects domains loaded in a third-party context, with an emphasis on well-known tracking domains.

The feature is opt-in: users decide whether to obscure their IP address from third parties. Rollout is phased, both to accommodate regional considerations and because the feature may have side effects Google wants to learn about as it goes.

Phase 0: a single Google-owned proxy forwards requests only to Google-owned domains (Gmail and Google's ad-serving domain, for instance), so the infrastructure can be exercised without affecting any third-party company. Only clients with US-based IP addresses can reach the proxy, and only a small percentage of users are enrolled automatically, all of whom must be signed in to Chrome. This arrangement stays in place until Google has fine-tuned the list of affected domains.

Later phases: a two-hop chain. Google runs the first proxy and an external content delivery network (CDN) runs the second, so that neither operator sees both the user's origin IP address and the destination.

Conceptually this is what a proxy or VPN already does: the user's real address is replaced by one belonging to the proxy operator, and only the operator learns the real address. IP Protection builds that into Chrome for the affected domains, and the two-hop design limits what even the operator can learn.

IP Protection sits alongside the rest of the Privacy Sandbox, which Google has now launched with the stated goal of making third-party cookies a thing of the past; the company says they will be disabled in 2024. Combined with the cookie changes, IP Protection is intended to make it harder for third parties to aggregate data about a user from multiple sites.
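The two-hop design is the part worth seeing end to end. The following Python model is an added example, not Google's implementation: the client wraps its request in two layers of a toy XOR stream cipher (a stand-in for the TLS tunnels used in practice, and not secure in itself), the first hop unwraps one layer and learns only the client's address and the second hop's name, and the second hop unwraps the other layer and learns only the destination. The hop names, addresses, keys and request are all constructed.

```python
import hashlib

HOP_A = "hop-a.google.example"  # assumed name; the first hop is run by Google
HOP_B = "hop-b.cdn.example"     # assumed name; the second hop is run by an external CDN
HOP_A_IP, HOP_B_IP = "198.51.100.1", "192.0.2.2"  # constructed addresses


def _keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key: bytes, data: bytes) -> bytes:
    """Toy symmetric layer (sealing and opening are the same operation). Not real cryptography."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def wrap(target: str, payload: bytes, key: bytes) -> bytes:
    """Add one layer: a CONNECT header naming the next target, then the opaque payload."""
    return xor_layer(key, f"CONNECT {target}\n".encode() + payload)


class Hop:
    def __init__(self, ip: str, key: bytes, network: dict):
        self.ip, self.key, self.network = ip, key, network
        self.observed = []  # (source address, target) pairs this hop is able to see

    def handle(self, source_ip: str, blob: bytes) -> bytes:
        header, _, inner = xor_layer(self.key, blob).partition(b"\n")
        target = header.decode().removeprefix("CONNECT ")
        self.observed.append((source_ip, target))
        # Forward the still-opaque inner blob with this hop's own address as the source.
        return self.network[target](self.ip, inner)


class Origin:
    """Destination site: sees whoever delivers the request, never the real client."""

    def __init__(self):
        self.observed = []

    def handle(self, source_ip: str, request: bytes) -> bytes:
        self.observed.append((source_ip, request))
        return b"HTTP/1.1 200 OK"


def run_two_hop(client_ip: str, destination: str, request: bytes) -> dict:
    """Send one request through hop A and hop B; return what each party observed."""
    key_a, key_b = b"client<->hopA session", b"client<->hopB session"  # constructed keys
    network = {}
    origin = Origin()
    hop_a = Hop(HOP_A_IP, key_a, network)
    hop_b = Hop(HOP_B_IP, key_b, network)
    network.update({HOP_A: hop_a.handle, HOP_B: hop_b.handle, destination: origin.handle})
    # Onion: the outer layer names hop B, the inner layer names the real destination.
    onion = wrap(HOP_B, wrap(destination, request, key_b), key_a)
    response = network[HOP_A](client_ip, onion)
    return {
        "response": response,
        "hop_a_observed": hop_a.observed,
        "hop_b_observed": hop_b.observed,
        "origin_observed": origin.observed,
    }


if __name__ == "__main__":
    result = run_two_hop("203.0.113.7", "ads.tracker.example", b"GET /pixel.gif HTTP/1.1\r\n\r\n")
    for party, seen in result.items():
        print(party, seen)
```

The observation logs are the point: hop A's log never contains the destination, hop B's log never contains the client address, and the destination only ever sees hop B. Collusion between the two operators, or a hop that also authenticates the user (as Google's first hop does), is what the design cannot protect against by itself.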

Google Chrome Launches 'Privacy Sandbox' to Phase Out Tracking Cookies


Google has officially begun rolling out Privacy Sandbox in its Chrome web browser to the majority of users, nearly four months after first announcing the plan.

"We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said.

"Without viable privacy-preserving alternatives to third-party cookies, such as the Privacy Sandbox, we risk reducing access to information for all users, and incentivizing invasive tactics such as fingerprinting."

To allow thorough testing, Google is initially leaving roughly three percent of users out of the transition. Full availability for all users is expected in the coming months.

Privacy Sandbox is Google's umbrella term for a suite of technologies designed to replace third-party tracking cookies with privacy-preserving alternatives, keeping personalized content and advertising while protecting user privacy.

Simultaneously, the company is in the beta testing phase of Privacy Sandbox on Android, extending it to eligible mobile devices running Android 13.

A key component of this effort is the Topics API, which assigns the user a small set of interest topics based on the sites they visit most. A website can query the API to learn a user's interests and deliver tailored ads without learning who the user is; the browser sits between the user and the website as an intermediary. Users can also customise this, including choosing which ad topics they are interested in, enabling or disabling the relevance and measurement APIs, or opting out entirely.
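The following Python model, an added example rather than Chrome's code, shows the parts of the Topics API that matter for privacy: the browser ranks the topics of the sites visited in one epoch, a caller gets a single topic chosen stably per caller and epoch, a caller is only told topics it could already have observed the user on (the witness requirement), and with a small probability the answer is a random topic instead. The site-to-topic table and the visit history are constructed; Chrome ships its own classifier and taxonomy.

```python
import hashlib
import random
from collections import Counter

# Constructed site-to-topic mapping, standing in for the classifier Chrome ships.
SITE_TOPICS = {
    "runningshoes.example": "Sports/Running",
    "trailgear.example": "Sports/Running",
    "recipes.example": "Food & Drink",
    "carnews.example": "Autos & Vehicles",
    "bank.example": "Finance",
}
ALL_TOPICS = sorted(set(SITE_TOPICS.values()))
TOP_N = 5                 # topics kept per epoch
NOISE_PROBABILITY = 0.05  # chance the answer is a uniformly random topic instead


def epoch_top_topics(visits: list) -> list:
    """Rank the topics of the sites visited in one epoch, most frequent first."""
    counts = Counter(SITE_TOPICS[site] for site in visits if site in SITE_TOPICS)
    return [topic for topic, _ in counts.most_common(TOP_N)]


def pick_slot(caller: str, epoch: int, n: int) -> int:
    """Stable per-(caller, epoch) index so repeated calls return the same topic."""
    digest = hashlib.sha256(f"{epoch}:{caller}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % n


def browsing_topic(caller: str, epoch: int, visits: list, observed_by_caller: set, rng=None):
    """Model of what document.browsingTopics() hands to `caller` for one epoch.

    The user's identity never leaves the browser: the caller learns at most one
    coarse topic, and only if it already saw the user on a site with that topic.
    """
    rng = rng or random.Random()
    top = epoch_top_topics(visits)
    if not top:
        return None
    if rng.random() < NOISE_PROBABILITY:
        # Plausible deniability: a random topic the caller cannot tell from a real one.
        return rng.choice(ALL_TOPICS)
    topic = top[pick_slot(caller, epoch, len(top))]
    # Witness requirement: a caller is not told topics it had no way to observe itself.
    return topic if topic in observed_by_caller else None


if __name__ == "__main__":
    # Constructed one-epoch history: mostly running gear, some recipes, one car site.
    visits = ["runningshoes.example"] * 3 + ["trailgear.example"] * 2 \
        + ["recipes.example"] * 2 + ["carnews.example"]
    print("epoch ranking:", epoch_top_topics(visits))
    print("ad-tech that has seen this user everywhere:",
          browsing_topic("ads.example", 1, visits, set(ALL_TOPICS), random.Random(0)))
    print("ad-tech that has never seen this user:",
          browsing_topic("newcomer.example", 1, visits, set(), random.Random(0)))
```

The two calls at the bottom make the witness rule visible: a caller embedded on none of the visited sites gets nothing back, whatever the user's interests are, and the random-topic branch means a returned topic is never proof of a visit.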

Privacy Sandbox has not escaped criticism. The Movement for an Open Web recently pointed out that "Google gathers reams of personal data on each and every one of its users, sourced through an opt-in process that it's hard for most web users to avoid."

This development coincides with Google's work to improve real-time protection against phishing through enhancements to Safe Browsing, without Google learning users' browsing history.

While Google hasn't disclosed the technical details, it has incorporated Oblivious HTTP (OHTTP) relays into Privacy Sandbox to strengthen anonymity and mask IP address information.

"Previously, it worked by checking every site visit against a locally-stored list of known bad sites, which is updated every 30 to 60 minutes," Parisa Tabriz, vice president of Chrome, said.

"But phishing domains have gotten more sophisticated — and today, 60% of them exist for less than 10 minutes, making them difficult to block. By shortening the time between identification and prevention of threats, we expect to see 25% improved protection from malware and phishing threats."
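Google has not published the protocol details of this change, so the following is an added Python model, not Google's code, of the hash-prefix lookup Safe Browsing has long used: the client hashes each URL expression, sends only a short prefix, and the server returns the full hashes that share that prefix for the client to compare locally. The relay in the middle stands in for the OHTTP relay: it sees the client's address but only opaque prefixes, while the lookup server sees prefixes but no client address. The blocklist and URLs are constructed, and the URL canonicalisation is a deliberately simplified subset of the real rules.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; Safe Browsing exchanges 32-bit hash prefixes


def full_hash(expression: str) -> bytes:
    return hashlib.sha256(expression.encode()).digest()


def hash_prefix(expression: str) -> bytes:
    return full_hash(expression)[:PREFIX_LEN]


def url_expressions(url: str) -> list:
    """Host/path combinations to check (simplified: exact path and host root only)."""
    parts = urlsplit(url)
    host = parts.hostname.lower()
    path = parts.path or "/"
    return sorted({f"{host}{path}", f"{host}/"})


class LookupServer:
    """Holds full hashes of known-bad expressions, indexed by prefix."""

    def __init__(self, bad_expressions):
        self.by_prefix = {}
        for expression in bad_expressions:
            digest = full_hash(expression)
            self.by_prefix.setdefault(digest[:PREFIX_LEN], []).append(digest)
        self.requests = []  # everything the server gets to see

    def lookup(self, prefixes: list) -> list:
        self.requests.append(list(prefixes))
        return [h for p in prefixes for h in self.by_prefix.get(p, [])]


class Relay:
    """Stand-in for the OHTTP relay: strips the client address, forwards the query."""

    def __init__(self, server):
        self.server = server
        self.seen_clients = []

    def forward(self, client_ip: str, prefixes: list) -> list:
        self.seen_clients.append(client_ip)
        return self.server.lookup(prefixes)  # the server never receives client_ip


def is_unsafe(url: str, client_ip: str, relay: Relay) -> bool:
    """Client side: send prefixes only, compare the returned full hashes locally."""
    expressions = url_expressions(url)
    prefixes = sorted({hash_prefix(e) for e in expressions})
    candidates = set(relay.forward(client_ip, prefixes))
    return any(full_hash(e) in candidates for e in expressions)


if __name__ == "__main__":
    # Constructed blocklist: one phishing page and one whole malware host.
    server = LookupServer(["phish.example/login", "malware.example/"])
    relay = Relay(server)
    for url in ["http://phish.example/login", "http://phish.example/about",
                "https://malware.example/dl/x.exe", "https://safe.example/"]:
        print(url, "UNSAFE" if is_unsafe(url, "203.0.113.7", relay) else "ok")
    print("server received", len(server.requests), "prefix queries and no client addresses")
```

Because only prefixes cross the wire and the final comparison happens on the client, the server learns a few bytes per lookup rather than the URL; a prefix that happens to collide with an unrelated bad URL simply costs one extra full-hash comparison on the client.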

Chrome's Invasive New Tracking Sparks Need for a New Browser

Privacy has become more important in the digital era, and people are increasingly looking for browsers that prioritize data protection. Chrome, one of the most popular browsers, has recently drawn criticism for its new tracking features, prompting users to look at privacy-focused alternatives.

Chrome's latest tracking feature, Ad Topics, lets the browser derive interest categories from a user's browsing history and hand them to websites for tailoring advertisements, which critics see as a breach of user privacy. As reported by Android Authority, the feature has raised significant concerns among privacy advocates and users alike.

Ad Topics is itself part of Google's Privacy Sandbox initiative, which aims to strike a balance between personalized advertising and user privacy. By providing a set of privacy-preserving APIs, Privacy Sandbox seeks to protect users' data while still letting advertisers deliver relevant content.

Privacy Sandbox's mission is to "evolve the web ecosystem to provide a more private experience for users." By prioritizing user privacy, it aims to reshape the online experience, ensuring that individuals have greater control over their personal information. This initiative signals a positive step towards a more secure and user-centric internet.

Privacy advocates emphasize the importance of user awareness and choice in this evolving landscape: users deserve a say in how their data is collected and used online, and they need to be informed about the tracking practices of the browser they choose.

In light of these developments, users are urged to explore alternative browsers that prioritize privacy. Brave, Firefox and Safari have long been known for their commitment to protecting user data, and offer robust privacy features that let users browse without giving up their personal information.

The tracking capabilities recently added to Chrome show how central privacy is becoming online. Programs like Privacy Sandbox are a step in the right direction toward balancing personalization against user privacy, but for people who want stronger privacy guarantees today, looking at alternative browsers is a sensible choice. As users we have the ability to control our online experience while maintaining our privacy, and it is worth using it.


Web Development Revolution: Chrome's Cookie-Free Tools

Third-party cookies have become a routine part of browsing, and they allow advertisers, and bad actors, to see large chunks of your browsing history in order to serve more relevant ads. Third-party cookies do contribute to the functioning of websites and to the user experience, but most experts agree we need alternatives that are easier to control, regulate and understand.

Google announced in a blog post that it will enable the Privacy Sandbox APIs over the next few days. The APIs will initially be rolled out to a small percentage of users running Chrome 115 and then ramped up gradually over time.

Google started Privacy Sandbox in 2019 to get rid of third-party cookies, which runs counter to how Google makes its money. The feature is not intended to stop advertisers from targeting audiences altogether; it makes it harder for them to get at users' personal information. In May 2023 Google said the APIs would begin shipping in July 2023 and become available to everyone. That day has now come.

The Chrome Developers blog post for Chrome 115 has more details on the "relevance and measurement APIs" it introduces. They include the Topics API, which categorizes a user's interests from their browsing without handing the browsing history itself to advertisers; the Attribution Reporting API, which can determine whether ad clicks or views led to conversions; and the Protected Audience API (formerly FLEDGE), which lets relevant ads be shown to users based on their previous interactions with an advertiser.

These updates come shortly after the UK's Competition and Markets Authority (CMA), which oversees the development of the Sandbox, released guidelines for testing it a few weeks ago. Google offered commitments to the CMA in 2021, accepted by the regulator in 2022, that subject the project to additional oversight, to address concerns that removing third-party cookies could create a new competitive disadvantage for companies that rely on personalized ads. Under the guidelines, reporting test results is particularly important for ad-tech companies because it helps the CMA judge whether the Privacy Sandbox has addressed its competition concerns, and therefore whether the Privacy Sandbox is working.

Privacy and competition remain among the biggest concerns facing Google and the other digital advertising giants in Europe and the US over how they run online advertising. The European Commission has brought formal antitrust charges against Google, asserting that its ad-tech business violates EU competition law and suggesting that a break-up of its ad-tech operation may be needed. Norway's data protection regulator has moved against Meta over its behavioral advertising, and the French regulator fined Criteo for its use of personal data in advertising. Courts, lawmakers and regulators in various countries have pressed other companies over how they use data for advertising as well.

In essence, the Privacy Sandbox is a set of proposals that starts from the premise that third-party cookies are a privacy disaster and aims to replace them with an open, industry-wide standard. The interest-inference logic runs locally inside your browser, and only relevant, anonymized data, such as the kinds of products or topics a visitor may be interested in, is shared with websites and advertisers. Advertisers and publishers therefore no longer need to track individual users to reach their audience.

The EFF, one of the privacy watchdogs monitoring the issue, criticized some of the Privacy Sandbox's original ideas, including FLoC (Federated Learning of Cohorts). In response, Google dropped FLoC in favour of different approaches such as the Topics API and the now-launched Protected Audience, which have not drawn the same level of criticism. The Privacy Sandbox remains controversial among competitors such as Brave, partly over antitrust concerns.

Initially the APIs will be turned on for a limited number of Chrome instances, and Google will gradually increase the number of devices while monitoring for problems. Some groups will see only a subset of the newly available APIs, so that issues tied to a specific API are easier to detect and isolate.

Google says the process could begin the week of July 24, with the APIs enabled for about 35 percent of browsers so that developers can test them. The company plans to raise that to 60 percent by the end of August, when Chrome 116 is expected to reach general availability. It is unclear when the APIs will be on for 99 percent of Chrome 115 browsers.

At this stage of the testing program, Google says most of the small groups with limited access should have all the relevance and measurement APIs enabled; only small, isolated groups will be kept without every API turned on.

Google had originally projected phasing out third-party cookies in late 2023, but onboarding issues and regulatory investigations delayed the project. The Competition and Markets Authority (CMA), which had previously voiced concern that Google's own advertising business could unfairly benefit from the new approach, published guidelines in June for third parties testing Google's Privacy Sandbox tools.

Google cleared the CMA's regulatory hurdles in 2022, so its plan to remove third-party cookies stands approved provided it sticks to the commitments it made to get that approval, and the company said it "will continue to work closely with the CMA" before taking any further action.

Remember to Clear the Cache on Your iPhone

The cache is an area on your iPhone that stores temporary data so that websites and apps load faster. Cached data takes up space, so it's worth clearing it periodically. Freeing up space by clearing the browser or app cache can improve speed and responsiveness, especially if you're already seeing performance problems.

Clearing the cache on iPhone

Safari is the default browser on iPhone, and it lets you clear the cache in a few simple steps. Since iOS 11 this action applies to every device signed in to the same iCloud account: the caches on all of them are emptied, and you'll have to sign in to sites again on each one. Here is what to do.

1. Open the Settings app on your iPhone.
2. Scroll down and tap Safari.
3. Tap Clear History and Website Data.
4. Confirm in the pop-up by tapping Clear History and Data.

Clearing browsing data in Chrome signs you out of websites but does not close your open tabs. You will need to sign back in to any sites you were using.

Clearing the iPhone cache in Chrome

1. Open the Chrome app.
2. Tap the three-dot menu in the lower-right corner for more options.
3. Tap Settings (swipe through the menu if it is not visible).
4. Tap Privacy and Security.
5. Tap Clear Browsing Data.
6. Choose the time range at the top of the screen.
7. Make sure Cached Images and Files and Cookies, Site Data are both checked, then tap Clear Browsing Data at the bottom of the screen.


Caches and cookies

Cookies are small files that store data about your online activity, including session tokens and personalization data. Many cookies, such as those that keep you signed in to sites you visit regularly, are useful; some third-party cookies, however, track your behavior across many websites, which can include sensitive data such as your search history and the links you clicked.

A cache, by contrast, stores data files that your browser or an app is likely to use repeatedly. Not having to download the same data over and over improves your phone's performance.

Caches typically only need clearing every two to three months; by then the cache has usually grown large enough to start slowing things down. If you visit many websites, consider clearing it more often.




Microsoft Announced the End of Support for Windows 7 & 8

Microsoft has published a warning about the imminent end of support for Windows 8.1, which will receive no further updates or patches after January 10, 2023.

According to research, over 100 million computers were still running Windows 7 as of 2021, leaving their owners little time to update before facing the security risks of running an outdated browser and operating system.

Windows 8.1 is still the fourth most popular Microsoft operating system in the world, according to Statcounter, installed on 2.45% of all Windows computers. Given that the cutoff affects millions of people and leaves numerous PCs exposed to attack, this end of support is concerning.

PCs running Windows XP, 7, or 8 were more prevalent than those running Windows 11 according to a Lansweeper survey of 27 million Windows devices conducted in October.

For systems running Windows 10 2004 or 20H2, Windows 10 21H1 was a minor feature update designed to install easily. It brought improvements to Windows Defender Application Guard, Windows Management Instrumentation via Group Policy, and support for multiple Windows Hello-enabled cameras.

Alongside a new Chrome release, Google also disclosed that it will end support for Windows 7 and Windows 8.1 in early 2023 (from Chrome 110). To keep receiving Chrome updates, a device must be running Windows 10 or later.

Anyone running an outdated version of Windows should inspect their computers and make the necessary changes this week. Microsoft issued the warning because Windows 8.1 stops receiving security updates and patches after January 10, 2023.

Google Blames Spanish Spyware Vendor for Exploiting Chrome, Windows, and Firefox Zero-Days


Variston IT's Heliconia spyware framework

A Barcelona-based surveillance vendor called Variston IT is believed to deploy spyware on victims' devices by exploiting zero-day flaws in Google Chrome, Mozilla Firefox and Windows, some of them dating back to December 2018.

Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens said "their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device." 

Variston has a bare-bones website on which it claims to provide tailor-made security solutions to its customers, to develop custom security patches for various proprietary systems, and to assist law enforcement agencies with the discovery of digital information, among other services.

Google's Response 

Google said "the growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups. These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry."

The vulnerabilities, which Google, Microsoft and Mozilla fixed in 2021 and early 2022, are assessed to have been used as zero-days before they were patched, letting Variston's customers deploy whatever malware they wanted on targeted systems.

What is the Heliconia framework?

Heliconia consists of three components, Noise, Soft and Files, which deliver exploits against vulnerabilities in Chrome, Windows Defender and Firefox, respectively.

Noise exploits a flaw in Chrome's V8 JavaScript engine that was fixed in August 2021, chained with an unknown sandbox-escape component referred to as "chrome-sbx-gen," to deploy the final payload (also called the agent) on selected devices.

The attack only works when the victim visits a malicious web page designed to trap them, which triggers the first-stage exploit.

Google says it learned of the Heliconia framework through an anonymous submission to its Chrome bug reporting program. It added that it currently has no evidence of active exploitation, suggesting the toolset has either been shut down or has evolved further.

Google's blog said:

Although the vulnerabilities are now patched, we assess it is likely the exploits were used as 0 days before they were fixed.

Heliconia Noise: a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape

Heliconia Soft: a web framework that deploys a PDF containing a Windows Defender exploit

Heliconia Files: a set of Firefox exploits for Linux and Windows.






SolarMarker Using Watering Hole Attacks and Fake Chrome Browser Updates, Infects Business Professionals


Researchers have identified the group behind the SolarMarker malware targeting a global tax consulting firm with offices in the United States, Canada, the United Kingdom and Europe. It is using fake Chrome browser updates as part of watering hole attacks, a new approach for the group, which previously relied on SEO poisoning, also known as spamdexing.

SolarMarker is multistage malware that steals autofill data, saved passwords and credit card information from victims' browsers. According to an advisory issued on Friday by eSentire's Threat Response Unit (TRU), the group compromised the website of a medical equipment manufacturer, built on the popular open-source content management system WordPress. The victim, an employee of the tax consulting firm, reached the site by searching Google for the manufacturer's name.

"This tricked the employee into downloading and executing SolarMarker, which was disguised as a Chrome update," the advisory noted.

"The fake browser update overlay design is based on what browser the victim is utilizing while visiting the infected website," the advisory added. "Besides Chrome, the user might also receive the fake Firefox or Edge update PHP page."

Since the TRU team has seen only a single infection through this vector, it is unclear whether the SolarMarker group is testing new tactics or preparing a larger campaign. Previous SolarMarker attacks used SEO poisoning to target people searching online for free templates of popular business documents and forms.

Increase Employee Awareness by Monitoring Endpoints

The TRU advisory outlines four key steps organisations can take to mitigate the impact of these types of attacks, including increasing employee awareness of automatic browser updates and avoiding downloading files from unknown sites.
 
"Threat actors research the kind of documents businesses look for and try to get in front of them with SEO," the advisory stated. "Only use trusted sources when downloading content from the internet, and avoid free and bundled software."

TRU also recommends more vigilant endpoint monitoring, which will necessitate more frequent rule updates to detect the latest campaigns, as well as enhanced threat-landscape monitoring to strengthen the organization's overall defence posture.

SolarMarker Campaigns Relaunched Following a Dormant Period

The .NET malware was discovered in 2020 and is typically distributed via a PowerShell installer; it has data-gathering capabilities and a backdoor.

Sophos Labs discovered a number of active SolarMarker campaigns in October 2021 that followed a common pattern: cybercriminals used SEO techniques to place links to websites with Trojanized content in the search results of several search engines.

Menlo Security previously reported a SolarMarker campaign in October 2021 that used over 2,000 unique search terms to lure users to sites that then dropped malicious PDFs rigged with backdoors.

ChromeLoader: Microsoft and VMware Warn of New Malware Campaigns

 

Microsoft and VMware are warning about an ongoing, widespread ChromeLoader malware campaign, which has led to “ongoing wide-ranging click frauds” later this year.

The malware tool named ChromeLoader is apparently hijacking browsers to redirect users to ad pages. It has since evolved into a more serious threat, deploying more potent payloads that go beyond malvertising: variants of ChromeLoader have dropped malicious browser extensions, node-WebKit malware, and even ransomware on Windows PCs and Macs.

Functioning of ChromeLoader 

Microsoft detected an ongoing widespread click-fraud campaign and attributed it to the threat actor DEV-0796. The attack begins with an ISO file that is downloaded when the user clicks a malicious ad, a browser redirect, or a YouTube comment. The attackers seek to profit, without being detected, from clicks generated by the malicious browser extensions or node-WebKit applications they have installed on the victim's device.

The researchers from VMware's Carbon Black Managed Detection and Response (MDR) team said they have seen the malware's operators impersonating various legitimate services to lead users to ChromeLoader. The researchers observed hundreds of attacks involving variants of the malware, targeting multiple sectors such as education, government, healthcare, and enterprises in business services.

“This campaign has gone through many changes over the past few months, and we don't expect it to stop [...] It is imperative that these industries take note of the prevalence of this threat and prepare to respond to it,” the researchers warn.

Rapid Evolution Of Malware

Earlier, the malware infected Chrome with a malicious extension that redirected the user traffic to advertising sites performing click frauds and generating income for the threat actors. “But, it later evolved into an ‘info-stealer’, stealing sensitive data stored in browsers and deploying zip bombs (i.e. malicious archive files) to crash systems, while still retaining its adware function,” said researchers, in an advisory released on September 19. 

Because adware does not usually cause significant damage to a victim's system, analysts tend not to take the threat seriously. However, any software such as ChromeLoader that can enter a system undetected is an immediate threat to the user, since the malware can later be modified to open up new monetization options for its operators.

“The Carbon Black MDR team believes that this is an emerging threat that needs to be tracked and taken seriously [...] due to its potential for delivering more nefarious malware,” VMware said in the advisory. 

Researchers Discover Kimsuky Infrastructure Targeting South Korean Politicians and Diplomats

 

Kimsuky, a North Korean nation-state group, has been linked to a new wave of malicious activity targeting political and diplomatic entities in its southern counterpart in early 2022.

The cluster was codenamed GoldDragon by Russian cybersecurity firm Kaspersky, with infection chains resulting in the deployment of Windows malware designed to collect file lists, user keystrokes, and stored web browser login credentials. South Korean university professors, think tank researchers, and government officials are among the potential victims.

Kimsuky, also known as Black Banshee, Thallium, and Velvet Chollima, is a prolific North Korean advanced persistent threat (APT) group that targets entities globally, but with a primary focus on South Korea, to gather intelligence on various topics of interest to the regime.

The group, which has been active since 2012, has a history of using social engineering tactics, spear-phishing, and watering hole attacks to obtain sensitive information from victims.

Late last month, cybersecurity firm Volexity linked the actor to an intelligence-gathering mission aimed at siphoning email content from Gmail and AOL using Sharpext, a malicious Chrome browser extension.

The latest campaign employs a similar tactic, with the attack sequence initiated by spear-phishing messages containing macro-embedded Microsoft Word documents supposedly comprising content related to geopolitical issues in the region. Alternative initial access routes are also said to use HTML Application (HTA) and Compiled HTML Help (CHM) files as decoys in order to compromise the system.

Whatever method is used, the initial access is followed by a remote server dropping a Visual Basic Script that is orchestrated to fingerprint the machine and retrieve additional payloads, including an executable capable of exfiltrating sensitive information.

The attack is unique in that it sends the victim's email address to the command-and-control (C2) server if the recipient clicks on a link in the email to download additional documents. If the request does not include the expected email address, a harmless document is returned.

To complicate matters even further, the first-stage C2 server forwards the victim's IP address to another VBS server, which compares it to an incoming request generated after the target opens the bait document. The two C2 servers' "victim verification methodology" ensures that the VBScript is distributed only when the IP address checks are successful, indicating a highly targeted approach.

"The Kimsuky group continuously evolves its malware infection schemes and adopts novel techniques to hinder analysis. The main difficulty in tracking this group is that it's tough to acquire a full-infection chain," Kaspersky researcher Seongsu Park concluded.

New Google Chrome Zero-Day Flaw Being Exploited in the Wild

 

Google launched patches for the Chrome browser for desktops on Tuesday that address an actively exploited high-severity zero-day flaw in the wild. The issue, identified as CVE-2022-2856, has been described as a case of insufficient validation of untrusted input in Intents. 

On July 19, 2022, security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group were credited with discovering the flaw. As is customary, the tech powerhouse has withheld further details about the flaw until the vast majority of users have been informed. 

"Google is aware that an exploit for CVE-2022-2856 exists in the wild," the company said.

The latest update also addresses ten other security flaws, the majority of which are related to use-after-free flaws in various components such as FedCM, SwiftShader, ANGLE, and Blink. A heap buffer overflow vulnerability in Downloads has also been fixed.

This is the fifth zero-day vulnerability in Chrome that Google has fixed since the beginning of the year.
  • CVE-2022-0609 - Use-after-free in Animation
  • CVE-2022-1096 - Type confusion in V8
  • CVE-2022-1364 - Type confusion in V8
  • CVE-2022-2294 - Heap buffer overflow in WebRTC
To mitigate potential threats, users are advised to update to version 104.0.5112.101 for macOS and Linux, and 104.0.5112.102/101 for Windows. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as they become available.

Kimsuky Uses E-Mail-Stealing Browser Extensions

A hacking group believed to operate from North Korea is installing malicious browser extensions for Edge and Chrome. The extensions steal email data from open AOL and Gmail sessions and replace the browser's preference files.

About SHARPEXT

Volexity experts found the malicious extension, known as SHARPEXT, which Kimsuky (aka SharpTongue) has been using for almost a year. The group deploys the extension after the initial attack has succeeded, as a means of keeping its presence on the system.

"SharpTongue's toolset is well documented in public sources; the most recent English-language post covering this toolset was published by Huntress in 2021. The list of tools and techniques described in that post is consistent with what Volexity has commonly seen for years. However, in September 2021, Volexity began observing an interesting, undocumented malware family used by SharpTongue," reports Volexity.

Kimsuky's Attack

Unlike other malicious browser extensions, SHARPEXT is not made for stealing user credentials. Instead, the extension steals information from the victims' e-mail inboxes.

The hackers deploy the extension manually via a VBS script once the initial breach of the victim's system is complete.

How SHARPEXT is installed

To install SHARPEXT, the hackers replace the Preferences and Secure Preferences files of the targeted Chromium-based browser, which is generally considered a difficult task to execute.

• To replace the Secure Preferences file, the hackers obtain some details from the browser and generate a new file that is applied on browser start-up.

• After that, the attackers use a secondary script to conceal some of the extension's features and any windows that could surface and alert the user to suspicious activity.

• Lastly, the extension uses a pair of listeners for a particular type of activity in the browser tabs. The installation is then tailored to each respective target.

Volexity says "the purpose of the tabs listeners is to change the window title of the active tab in order to add the keyword used by dev.ps1, the PowerShell script described previously. The code appends the keyword to the existing title (“05101190” or “Tab+”, depending on the version). The keyword is removed when DevTools is enabled on the tab." 
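Because SHARPEXT is planted by rewriting Preferences / Secure Preferences rather than installed from the Web Store, the entries it leaves behind look different from a normal install. The following triage script is an added example for this post (not Volexity's tooling): it parses a Secure Preferences file and flags extension entries that were not installed from the Web Store, were loaded unpacked from outside the profile, request tab/webmail access, or lack the per-entry HMAC Chrome normally maintains. The embedded JSON is a constructed sample in the layout of the real file; its extension ids, paths and MAC values are made up.

```python
"""Triage the extension entries in a Chrome/Edge "Secure Preferences" file.

Added example, not Volexity's code. SAMPLE_SECURE_PREFS is a constructed
sample mimicking the real file's layout; ids, paths and MACs are made up.
"""
import json
import sys
from pathlib import PureWindowsPath

# Chromium Manifest::Location values stored in extensions.settings.<id>.location
LOCATION_NAMES = {1: "internal", 2: "external_pref", 3: "external_registry",
                  4: "unpacked", 5: "component", 6: "external_pref_download",
                  7: "external_policy_download", 8: "command_line",
                  9: "external_policy", 10: "external_component"}
LOCATION_INTERNAL = 1   # a normal user install from the Web Store

# Capabilities an inbox-stealing extension needs: see every tab, reach webmail
RISKY_PERMISSIONS = {"tabs", "webRequest", "webRequestBlocking", "<all_urls>"}
WEBMAIL_HOSTS = ("mail.google.com", "mail.aol.com")


def triage_extensions(secure_prefs, profile_dir):
    """Return one finding per extension entry that looks manually planted."""
    settings = secure_prefs.get("extensions", {}).get("settings", {})
    macs = (secure_prefs.get("protection", {}).get("macs", {})
            .get("extensions.settings", {}))
    ext_root = PureWindowsPath(profile_dir) / "Extensions"
    findings = []
    for ext_id, entry in settings.items():
        reasons = []
        loc = entry.get("location")
        if loc != LOCATION_INTERNAL:
            reasons.append("location=%s" % LOCATION_NAMES.get(loc, loc))
        if not entry.get("from_webstore", False):
            reasons.append("from_webstore=false")
        # Web Store installs use a path relative to <profile>\Extensions; an
        # absolute path elsewhere means "Load unpacked" or a hand-edited file.
        path = PureWindowsPath(entry.get("path", ""))
        if path.is_absolute() and ext_root not in path.parents:
            reasons.append("path outside profile Extensions dir: %s" % path)
        manifest = entry.get("manifest", {})
        perms = (set(manifest.get("permissions", []))
                 | set(manifest.get("host_permissions", [])))
        risky = perms & RISKY_PERMISSIONS
        if risky:
            reasons.append("permissions=" + ",".join(sorted(risky)))
        if any(host in p for p in perms for host in WEBMAIL_HOSTS):
            reasons.append("host permission reaches webmail")
        # Chrome keeps an HMAC per entry under protection.macs and resets
        # entries whose MAC is missing or wrong, so an entry with no MAC has
        # not survived a normal start: the file was rewritten out-of-band.
        # (A valid MAC proves nothing by itself; the seed ships with the
        # browser, which is why the attackers can recompute it.)
        if ext_id not in macs:
            reasons.append("no HMAC for this entry in protection.macs")
        if reasons:
            findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                             "reasons": reasons})
    return findings


# Constructed sample in the layout of a real Secure Preferences file
SAMPLE_SECURE_PREFS = {
    "extensions": {"settings": {
        "aaaabbbbccccddddeeeeffffgggghhhh": {   # looks like a Web Store install
            "from_webstore": True, "location": 1, "state": 1,
            "path": "aaaabbbbccccddddeeeeffffgggghhhh\\2.3.1_0",
            "manifest": {"name": "Sample Dictionary", "permissions": ["storage"]}},
        "zzzzyyyyxxxxwwwwvvvvuuuuttttssss": {   # SHARPEXT-like planted entry
            "from_webstore": False, "location": 4, "state": 1,
            "path": "C:\\Users\\Public\\Libraries\\ext",
            "manifest": {"name": "Updater",
                         "permissions": ["tabs", "webRequest", "<all_urls>"],
                         "host_permissions": ["https://mail.google.com/*"]}}}},
    "protection": {"macs": {"extensions.settings": {
        "aaaabbbbccccddddeeeeffffgggghhhh": "00" * 32}}},
}
SAMPLE_PROFILE = r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default"


def load_secure_prefs(path):
    """Read a real file; Chrome writes it as plain JSON."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # usage: script.py "<profile>\Secure Preferences" <profile>   (else: sample)
    prefs = load_secure_prefs(sys.argv[1]) if len(sys.argv) > 2 else SAMPLE_SECURE_PREFS
    profile = sys.argv[2] if len(sys.argv) > 2 else SAMPLE_PROFILE
    for finding in triage_extensions(prefs, profile):
        print(finding["id"], finding["name"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run it against a live profile's Secure Preferences after pointing it at the profile directory; the sample run flags only the planted entry.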












V8 Type Confusion Vulnerability Hits Google Chrome & Microsoft Edge Browser

 

Following the discovery of a V8 vulnerability in Chrome and Edge that has been exploited in the wild, ZDNet recommends that users running Windows, macOS, or Linux update their Chrome builds to version 99.0.4844.84, as an out-of-band security update was recently released by Google to address the issue. 

Concerning the V8 Vulnerability:

There isn't much information available about this recently discovered vulnerability, as Google stated that it will wait for the bulk of users to update their browsers before acting. As per Google, “Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” 

What is known is that the bug in question has been assigned CVE-2022-1096, which is a zero-day "type confusion in V8" bug and was reported on March 23, 2022, by an "anonymous" researcher. V8 is a JavaScript engine that is completely free and open-source. The Chromium Project created it for Google Chrome and Chromium web browsers. 

Lars Bak is the person who came up with the idea for the project. It's worth noting that the first version of Firefox was released in 2008, almost simultaneously with the initial version of Chrome. Because the V8 vulnerability affected Edge as well, Microsoft Office issued a statement on the subject, stating that the issue had been resolved in Edge version 99.0.1150.55. 

Microsoft’s notice reads, “The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.”

Due to Security Reasons, Chrome will Limit Access to Private Networks

 

Google has announced that its Chrome browser will soon ban websites from querying and interacting with devices and servers inside local private networks, due to security concerns and past abuse from malware. 

The transition will occur as a result of the deployment of a new W3C specification known as Private Network Access (PNA), which will be released in the first half of the year. The new PNA specification introduces a feature to the Chrome browser that allows websites to request permission from computers on local networks before creating a connection.

“Chrome will start sending a CORS preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server. This preflight request will carry a new header, Access-Control-Request-Private-Network: true, and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true,” as per Eiji Kitamura and Titouan Rigoudy of Google.

Internet websites will be prohibited from connecting if local hardware such as servers or routers fails to respond. The new PNA specification is one of the most important security features incorporated into Chrome in recent years.

Cybercriminals have known since the early 2010s that they can utilize browsers as a "proxy" to relay connections to a company's internal network. For example, malicious code on a website could attempt to reach an IP address such as 192.168.0.1, which is the standard address for most router administrative panels and is only reachable from a local network. 

When users visit a fraudulent site like this, their browser can issue an automatic request to their network without their permission, transmitting malicious code that can evade router authentication and change router settings. 

These types of attacks aren't simply theoretical; they have happened before, as documented examples show. Other local systems, such as internal servers, domain controllers, firewalls, or even locally-hosted apps (through the http://localhost domain or other locally-defined domains), could be targeted by variations of these internet-to-local-network attacks. Google aims to prevent such automated attacks by incorporating the PNA specification and its permission negotiation into Chrome.

According to Google, PNA was included in Chrome 96, which was published in November 2021, but complete support will be available in two parts this year, with Chrome 98 (early March) and Chrome 101 (late May).
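The preflight described above is answered by the device on the private network, so that is where a defender decides who gets in. The following is an added example for this post, not Google's code: a weak handler that grants Access-Control-Allow-Private-Network to any origin (re-creating the pre-PNA situation) beside a hardened one that grants it only to an allowlisted HTTPS origin and only when Chrome actually asked. The allowlist and origin names are made-up demo values.

```python
"""Answer Chrome's Private Network Access (PNA) preflight on a LAN device.

Added example, not Google's code. Allowed origins are demo assumptions.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional

PNA_REQUEST = "Access-Control-Request-Private-Network"   # sent by Chrome
PNA_ALLOW = "Access-Control-Allow-Private-Network"       # must be "true"


def permissive_preflight(req_headers) -> dict:
    """Weak: mirrors any Origin and always grants private-network access,
    so every public site can still drive this device through the browser."""
    return {"Access-Control-Allow-Origin": req_headers.get("Origin", "*"),
            "Access-Control-Allow-Methods": "GET, POST",
            PNA_ALLOW: "true"}


def hardened_preflight(req_headers, allowed_origins) -> Optional[dict]:
    """Grant PNA only to an allowlisted HTTPS origin; None means refuse.

    A refused preflight (no PNA_ALLOW header, or a non-2xx status) makes
    Chrome drop the actual request, which is the protection the spec adds
    against public pages probing 192.168.x.x or localhost."""
    origin = req_headers.get("Origin", "")
    # Chrome only issues PNA requests from secure contexts; insisting on
    # https:// here is defence in depth for non-Chrome clients.
    if origin not in allowed_origins or not origin.startswith("https://"):
        return None
    resp = {"Access-Control-Allow-Origin": origin,
            "Vary": "Origin",            # caches must not reuse this answer
            "Access-Control-Allow-Methods": "GET"}
    # Only answer the PNA question when Chrome actually asked it.
    if req_headers.get(PNA_REQUEST, "").lower() == "true":
        resp[PNA_ALLOW] = "true"
    return resp


class PnaHandler(BaseHTTPRequestHandler):
    """Minimal OPTIONS/GET endpoint, e.g. a router's status page."""
    ALLOWED = frozenset({"https://dashboard.example"})   # demo assumption

    def do_OPTIONS(self):
        # self.headers is an email.message.Message: case-insensitive .get()
        resp = hardened_preflight(self.headers, self.ALLOWED)
        self.send_response(204 if resp else 403)
        for name, value in (resp or {}).items():
            self.send_header(name, value)
        self.end_headers()

    def do_GET(self):
        # The real response needs the CORS origin header too, but never PNA_ALLOW.
        body = b'{"status":"ok"}'
        self.send_response(200)
        origin = self.headers.get("Origin", "")
        if origin in self.ALLOWED:
            self.send_header("Access-Control-Allow-Origin", origin)
            self.send_header("Vary", "Origin")
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Listens on all interfaces; a public page can reach it only after the
    # PNA preflight above succeeds.
    HTTPServer(("", 8080), PnaHandler).serve_forever()
```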

Threat Actors Exploit Chrome to Deliver Malware as Windows 10 App

 

Hackers behind a recently discovered malware campaign are attacking Windows 10 with malware that infects systems through a process that evades the Windows security protection known as User Account Control (UAC). "Researchers couldn't retrieve the payload files from the sample that they analyzed because they were no longer present when they investigated. However, they used samples from VirusTotal to peer under the hood," reports ThreatPost. Rapid7 cybersecurity experts discovered the campaign and warned that the hackers' goal is to extract personal data and steal cryptocurrency from infected PCs.
According to the experts, the malware is very persistent on the PC, exploiting a Windows environment variable and a local scheduled task to make sure it constantly executes with extra privileges. The attack chain begins when a Chrome browser user opens a malicious site, followed by the opening of a "browser ad service" that requests the user to take some action. It isn't confirmed what the experts mean by 'browser ad service.' The hacker's end goal is to steal data using info-stealer malware; the stolen data includes browser credentials and cryptocurrency.

Besides this, other suspicious activities include stopping browser updates and creating a system state suitable for arbitrary command execution. Hackers have been using a compromised site built specifically to abuse a Chrome browser version running on Windows 10 to deliver malicious payloads. Investigation of the user's Chrome browser also showed redirects to various malicious domains and other suspicious redirect chains prior to the first-stage infection.

"Upon further analysis, researchers found that birchlerarroyo[.]com presented a browser notification requesting permission to show notifications to the user. This as well as a reference to a suspicious JavaScript file in its source code led the Rapid7 team to suspect that it had been compromised, Iwamaye said. It's unclear from the research, why or how a user would be coaxed into permitting the site to send notification requests via the Chrome browser. However, once notifications were permitted the browser user was alerted that their Chrome web browser needed to be updated," reports ThreatPost.

Security Researcher Discovers Serious Flaw in Chromium, Bags $15,000 Reward

 

A recently patched vulnerability in the Chromium project enabled malicious parties to inject code in embedded site pages, despite the fact that these resources were separated from the parent website. 

Chromium is an open-source browser project that intends to make the web a safer, faster, and more stable experience for everyone. The site provides design documents, architecture overviews, and testing information to assist users in learning to build and work with the Chromium source code.

The security researcher who initially discovered the vulnerability presented a proof of concept that illustrates an attacker-controlled website abusing the vulnerability to manipulate the information of an embedded website, despite the fact that the target and destinations are on different servers. 

As illustrated in a recent post on the Chromium website, the vulnerability may be leveraged even if the web browser "site isolation" feature is turned on. Site isolation is a security feature that divides each website into its own process to increase security. 

According to the expert, the inter-process communication between isolated processes contained a race condition. A race condition affects systems that must execute a task in several steps: if the system is susceptible for a brief period between those steps, an attacker can use that window to make unintended changes. Among other things, this flaw may allow intruders to insert malicious code into embedded sites or steal personal information from users.

The vulnerability was discovered in late March and resolved before the end of April. The security researcher received $15,000 from Google's Vulnerability Rewards Program for the finding. The vulnerability was described as a “site isolation break because of double fetch of shared buffer”.

“We always appreciate working with the research community through our Vulnerability Rewards Program, and thanks to this report we were able to patch the issue in Chrome 90,” a Google spokesman told The Daily Swig.

Chrome 92 Update by Google Patches 10 High Severity Vulnerabilities

 

Chrome 92 (92.0.4515.131), the Google security update issued for Windows, Mac, and Linux, patches at least 10 vulnerabilities. Chrome 92 also improves browser efficiency in phishing-detection calculations, extends the scope of its site isolation technology, and adds a few new 'Chrome Actions' to the repertoire.

The California-based search giant has awarded over $133,000 in rewards to researchers who identified some 35 vulnerabilities addressed in Chrome 92. At least 9 of the flaws were categorized as high severity, the current highest threat level from Google.

Researchers Leecraso and Guang Gong of the 360 Alpha Lab team at Chinese cybersecurity company Qihoo 360 have won $20,000 for detecting a high-severity vulnerability identified as CVE-2021-30590. Google described the issue as a buffer overflow in Bookmarks.

Leecraso told SecurityWeek that CVE-2021-30590 is a sandbox escape issue that could be "exploited with an extension or a compromised renderer." An attacker can exploit the flaw to remotely execute code outside Chrome's sandbox. Because it is an out-of-bounds write, the vulnerability can be leveraged to break out of the browser's sandbox, and it would only require the user to install a malicious extension.

Google Chrome Sandbox is a development and test environment for developers of Google Chrome-based applications. The sandbox environment provides a test and staging infrastructure without the code under test modifying current code and databases.

Two vulnerabilities uncovered by researcher David Erceg have also been rated high severity. CVE-2021-30592, characterized as an out-of-bounds write in Google's Tab Groups, earned him $10,000, while CVE-2021-30593, defined as an out-of-bounds read bug in Tab Strips, earned him a $5,000 bug reward.

“CVE-2021-30592 would require a malicious extension to be installed,” Erceg told SecurityWeek. “As for CVE-2021-30593,” he added, “it would be easier to trigger with an extension, though a web page could trigger the behavior under some more restricted circumstances. The impact is similar to CVE-2021-30592, in that an attacker could potentially escape the sandbox if they could set up memory in the appropriate way before the out-of-bounds read occurs. This issue could also be exploited on its own, but it does require some more specific interaction from the user.” 

CVE-2021-30591, a use-after-free flaw within the File System API, is yet another high-severity vulnerability for which Google paid out $20,000. Reportedly, it was discovered by researcher SorryMybad of Kunlun Lab.

It is worth noting that Google pays up to $20,000 for Chrome sandbox escape vulnerabilities disclosed in a high-quality report. If researchers additionally provide a functioning exploit, they can receive up to $30,000 for such flaws.

Users should upgrade Chrome as soon as possible, given that the web browser is increasingly targeted for malicious activity. It is worth noting that this year, Google has fixed over half a dozen zero-day vulnerabilities that were being actively exploited.

Research Reveals More Than 2000 Chrome Extensions Disabled Security Headers

 

Tens of thousands of Google Chrome extensions accessible from the official Chrome Online Store manipulate security headers on major websites, posing the danger of web attacks for visitors. 

Although security headers are little known, they are a vital part of the present internet ecosystem. HTTP security headers are a key component of website security: when implemented, they protect users against the kinds of attacks most likely to happen on the website, such as XSS, code injection, and clickjacking.

In many cases, according to the research team, the Chrome extensions they examined disabled CSP and other security headers “to introduce additional seemingly benign functionalities on the visited web page,” and did not appear malicious in purpose. Paradoxically, that is because Chrome's extension framework forces extensions to do so in the name of security: standard extension code can access the page's DOM, but cannot interact with the scripts running on the page.

When a user visits a website, the browser requests the web page from a server. While websites themselves are delivered as HTML, JavaScript, and CSS code, website owners can direct the browser to handle the provided material in various ways by adding additional parameters in the HTTP response headers.

While not all websites have security headers, many of today's leading Web services commonly incorporate them to protect their customers against attacks, as they frequently face more web-based attacks than conventional sites, because of their larger size. 

Although website managers configure their security headers, this does not guarantee that the headers still exist when the response reaches the client side, where they can be stripped or altered by an attacker in a man-in-the-middle position, by malware running on the operating system, or by browser extensions.

Researchers at the CISPA Helmholtz Centre stated that they were trying, for the first time, to evaluate how many Chrome extensions tamper with security headers.

The research team has studied 186,434 Chrome extensions, which were accessible last year on the official Chrome Web Store, using a custom infrastructure they particularly developed for the research. 

Their analysis discovered that 2,485 extensions intercepted and altered at least one security header used by today's Top 100 most popular websites. The study focused on the four most prevalent security headers: Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options, and X-Content-Type-Options.

While 2,485 extensions disabled at least one of these headers, the researchers found that 553 disabled all four of the security headers studied in their investigation.

CSP, a security header created to let site owners regulate which web resources a page may load inside a browser, and a standard defence protecting websites and browsers against XSS and data injection attacks, was the most widely disabled security header.
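A site owner cannot see from the server side whether an extension (or a man-in-the-middle) removed or relaxed these headers in the browser, but the two views can be compared. The following added example, not part of the CISPA research infrastructure, diffs the headers a server sent against the headers the page actually saw, flags any of the four studied headers that were removed, reports CSP directives that were dropped or gained permissive sources, and spots a lowered HSTS max-age. Both header sets are constructed samples.

```python
"""Detect security headers that were stripped or weakened before the page saw them.

Added example; SERVER_HEADERS / BROWSER_HEADERS are constructed samples.
"""

SECURITY_HEADERS = ("content-security-policy", "strict-transport-security",
                    "x-frame-options", "x-content-type-options")

# Source expressions that neutralise a CSP directive when added to it
CSP_WEAKENERS = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}


def parse_csp(value):
    """'default-src 'self'; script-src a b' -> {'default-src': {...}, 'script-src': {...}}"""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = set(parts[1:])
    return policy


def csp_weakened(original, observed):
    """List directives that were dropped or gained permissive sources."""
    orig, obs = parse_csp(original), parse_csp(observed)
    issues = []
    for name, sources in orig.items():
        if name not in obs:
            issues.append("%s: directive removed" % name)
            continue
        added = obs[name] - sources
        bad = {s for s in added if s in CSP_WEAKENERS or s.startswith("*")}
        if bad:
            issues.append("%s: added %s" % (name, ", ".join(sorted(bad))))
    return issues


def hsts_max_age(value):
    """Extract max-age from an HSTS header; 0 when absent or malformed."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val.strip())
    return 0


def header_diff(server_headers, browser_headers):
    """Compare what the server sent with what the page received."""
    srv = {k.lower(): v.strip() for k, v in server_headers.items()}
    brw = {k.lower(): v.strip() for k, v in browser_headers.items()}
    findings = []
    for name in SECURITY_HEADERS:
        if name not in srv:
            continue                                   # site never set it
        if name not in brw:
            findings.append("%s: removed" % name)
        elif srv[name] != brw[name]:
            if name == "content-security-policy":
                findings.extend(csp_weakened(srv[name], brw[name]))
            elif name == "strict-transport-security" and \
                    hsts_max_age(brw[name]) < hsts_max_age(srv[name]):
                findings.append("%s: max-age lowered" % name)
            else:
                findings.append("%s: changed from %r to %r" % (name, srv[name], brw[name]))
    return findings


# Constructed sample: what the server sent (e.g. captured outside the browser)
SERVER_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
# Constructed sample: what the page saw after an extension rewrote the response
BROWSER_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com 'unsafe-inline' *",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for finding in header_diff(SERVER_HEADERS, BROWSER_HEADERS):
        print(finding)
```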

Google Tricked Millions of Chrome Users in the Name of 'Privacy'

 

Google revealed last month that it is rolling out the Federated Learning of Cohorts (FLoC) program, an important part of its ‘Privacy Sandbox Project’ for Chrome. The company advertised FLoC as the latest, privacy-preserving option in Google Chrome to the third-party cookie.

But the real question is whether Google can truly preserve the privacy of its users. The results of the FLoC trial do not indicate that. Millions of Chrome users had no control over their involvement in the FLoC trial, received no personal notification, and currently have no option to opt out of the trial. The only way to leave it is to block all third-party cookies in the Google Chrome browser.

What is the FLoC program? 

FLoC is based on machine learning technology designed by Google and is meant to be an alternative to the kind of cookies that advertising technology firms use today to track you across the web. Instead of a personally-identifiable cookie, FLoC runs locally and examines your browsing pattern to group you into a cohort of like-minded people with similar interests (and doesn’t share your browsing history with Google). That cohort is particular enough to permit advertisers to do their thing and show you relevant ads, but without being so specific as to allow marketers to spot you personally. 

This “interest-based trial,” as Google likes to call it, allows you to hide within a crowd of users with similar interests. All the browser exposes is a cohort ID; your browsing history and other data stay local. Google has also started testing FLoC for some Chrome users, which allows it to evaluate the new system in an origin trial.

Last month's FLoC trial announcement from Google gave Chrome users no way to opt out before the trial started. Instead, Google quietly began rolling out its FLoC technology to Chrome users in the US, Canada, Mexico, Australia, New Zealand, Brazil, India, Japan, Indonesia, and the Philippines.

"When other browsers started blocking third-party cookies by default, we were excited about the direction, but worried about the immediate impact. Excited because we need a more private web, and we know third-party cookies aren’t the long-term answer. Overall we felt that blocking third-party cookies outright without viable alternatives for the ecosystem was responsible and even harmful, to the open and free web we all enjoy,” Marshall Vale, Google’s product manager, stated.