Search This Blog

Showing posts with label Chrome Hacks. Show all posts

Casthack Exploits A Weakness In The Universal Plug And Play (Upnp) Networking Standard

Pair of ethical hackers known as CastHack have reportedly figured out how to hijack an apparent high number of Chromecast dongles cautioning their users about yet another security threat. This risk clearly attacks Google's Chromecast streaming devices driving users to play any YouTube video of the attacker’s choice.

The hackers, went on to display a message cautioning users about the security defect alongside a link clarifying how it can be fixed, at the same time requesting that users subscribe in to a prominent YouTuber PewDiePie.

CastHack exploits a shortcoming in the Universal Plug and Play (UPnP) networking standard in specific routers, which permits a part of the connected devices that are accessible on the web. The bug though, can be effectively fixed by disabling UPnP on the Internet router.

The company however says that it’s a 'flaw'  that influences the routers instead of the Chromecast itself, therefore it isn't Google's fault in the least.

Regardless, this new risk to Chromecast isn't the first as there have been many comparable issues before. To be specific in 2014 and 2016, when the security firm Bishop Fox had revealed that it could effectively gain control of a Chromecast by disengaging it from its present Wi-Fi system and returning it to a factory state and when another cyber security firm called Pen Test Partner affirmed that the gadget was as yet defenseless against such comparable attacks.

A New Trick discovered to block Visitors and Scare Non-Technical Users into Paying for Unneeded Software and Servicing Fees

The administrators of some technical support scam websites have discovered a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded programming or overhauling charges.

The trick depends on utilizing JavaScript code stacked on these vindictive pages to start thousands of file download tasks that rapidly take up the client/user's memory assets, solidifying or (freezing more likely) Chrome on the con scammer's webpage.

The trap is intended to drive the already panicked clients into calling one of the technical support telephone numbers that appear on the screen. A GIF of one of these noxious locales freezing a Chrome program running the most recent rendition (64.0.3282.140) is implanted underneath.

As per Jérôme Segura — Malware bytes leading expert in technical support scam operations and malvertising,—this new trick uses the JavaScript Blob strategy and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that stops Chrome.

The expert says the best way to get away from the technical support site is to close Chrome by means of Windows Task Manager.

At the point when the client restarts Chrome, if Chrome is designed to reload the previous session, Segura encourages clients to rapidly close the shady site while the page is loading and before the vindictive code has an opportunity to execute.

Segura says that he spotted technical support scammers mishandling this new trick after Google engineers fixed Chrome against a past system or a previous technique in other terms, that used the history.pushState API  to comparably freeze Chrome programs on shady sites.

This "download bomb" trap just works in Chrome, Segura said.

Clients arriving on a similar shady URLs yet utilizing different browsers are served diverse pages.

Likewise on the front of such shady sites pushing noxious content, clients ought to be aware about the other sites pushing counterfeit Adobe Flash Updates packages bound with CPU miners, yet in addition of comparable shady sites putting on a show to provide Mozilla Firefox updates.

Google Patched High-Risk Vulnerability in Chrome Browser

Google released chrome version 15.0.874.121 that fix the High-Risk Vulnerability in Javascript Engine named V8. This vulnerability is an out-of-bounds error that can cause a memory-corruption condition and lead to remote code execution.

Google paid security researcher Christian Holler $1,000 for discovering and reporting this vulnerability.

Download the Latest Version From here: