Google to put Disclaimer on How its Chrome Incognito Mode Does ‘Nothing’


The description of Chrome’s Incognito mode is set to be changed in order to state that Google monitors users of the browser. Users will be cautioned that websites can collect personal data about them.

This means that the only people kept from seeing what a user browses in Incognito are the family and friends who use the same device.

Chrome Incognito Mode is Almost Useless

At heart, Google is not merely a software developer. It is a business driven by advertising, which requires it to collect information about its users and their preferences in order to sell targeted advertising.

Unfortunately, users cannot escape this surveillance just by switching to Incognito. In fact, Google is paying $5 billion to resolve a class-action lawsuit that accuses the company of betraying its customers over the privacy assurances it gave. Google is now changing its description of Incognito mode to make it clear that it does not really protect the user’s privacy.

Developers can get a preview of what this updated feature exactly is, by using Chrome Canary. According to MSPowerUser, the aforementioned version of Chrome displayed a disclaimer when the user went Incognito, stating:

"You’ve gone Incognito[…]Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google."

(In the above statement, the text in bold is the new addition to the disclaimer.)

Tips for More Private Browsing 

Chrome remains one of the popular browsers, even though Mac users can use Safari instead. (Privacy is just one of the reasons Apple fans should use Safari instead of Chrome.) However, there are certain websites that users would prefer not to have added to their Google profile, which holds the rest of their private information. Users are therefore recommended to switch to Safari Private Browsing, since Apple does not use Safari to track its users (or so it claims).

Even better, use DuckDuckGo when you want to disconnect from the internet. This privacy-focused search engine and browser won't monitor or save the searches of its users; in fact, its entire purpose is to protect users' online privacy.  

Cybersecurity Concerns: When Mental Health Queries Become Malware Magnets

 


'Beyond Identity' recently published a study showing that certain mental health search terms can expose users to malware. Looking at high-volume searches related to mental health, the study found that many of them led to programs that could steal data from devices, harm networks, or damage equipment.

The "Beyond Identity" report found that the term "meditation music" carries a critical level of risk. Users should therefore be cautious when searching for this term to download music for their meditation practice.

Beyond Identity has also identified a number of terms that are considered medium or high risk. There are numerous ways of finding psychiatrists around us. This includes using search terms such as "psychiatrist near me," "virtual therapy," "mental health services," "ADHD treatment," "breathing exercises," "mindfulness meditation," "anxiety treatment," "depression treatment," and "how to meditate." 

As part of their research, it was also found that mental health terms rank second as the most dangerous malware terms of all, behind training and courses related to work. According to the data, this shows just how many bad actors are targeting people who are looking for online content and resources relating to their well-being in order to get their stuff. 

Beyond Identity studied popular terms that received more than 6,000 searches in the U.S. during the last month. It then used a malware detection tool to analyze the first 50 non-sponsored links that Google Chrome returned in the results section, as well as their origins. The top links for a given search may vary, since they depend on the algorithm applied to each user.

Links were flagged as malicious if they blocked the malware detection tool, used outdated software, or contained software that was clearly malicious. There is a danger of malicious code being included in a website if its software is outdated or it is not equipped with a malware detection tool.

There are a number of ways in which your device can get infected by malware, beginning with visiting a site that has malware, clicking on an ad that contains malware, interacting with pop-up ads, and downloading infected media files, software, or documents. In the process of searching for mental health information, users never want to end up infected with malicious software that can incite panic in users. There is nothing wrong with trusting only reputable websites and hospitals if the user is suspicious of their search results in search engines.

Companies May Now Prepare for Shorter TLS Certificate Lifespans


Google put forth a proposal on March 3 to substantially reduce the Transport Layer Security (TLS) digital certificate's validity period from 398 days to 90 days. Apparently, this will lead to a lot of changes in how businesses manage their certificates, especially when it comes to automated processes.

The proposal made by the open-source organization that created the Google Chrome browser and Chrome OS, which is outlined in a road map titled "Moving Forward, Together," is a step forward toward assuring more dependable, resilient Web operations. However, it will require organizations to transform their certification processes.

Current State of Digital Certificate 

Over the past years, digital certificates' lifespan has decreased drastically, from five years in 2012 to just over two years in 2018 to 13 months, or 398 days, in July 2020. Particularly in a cloud-based computing environment where websites and services are continuously spun up and down to accommodate shifting needs and priorities, shorter lifespans assist in assuring the legitimacy of digital identities.

According to Google, the proposed changes will speed up the adoption of new features, such as best practices and additional security capabilities, and encourage businesses to abandon error-prone manual methods. The resulting automation would better prepare businesses for the onset of post-quantum cryptography.

A Wake-up Call for Certificate Monitoring

The Chromium Projects' proposal to the CA/Browser Forum, a grouping of certification authorities (CAs), browser manufacturers, and others, would most likely go into force by the end of 2024 if it were accepted. Even though the changes are not final, the likelihood of a significantly shorter lifespan should act as a wake-up call for organizations. The suggestion is unmistakable evidence that the rules of the game have changed, and organizations need more control and visibility over their public keys and certificates.

Years ago, teams could obtain a certificate for something like a Web server and then essentially forget about it because certificates had a five-year lifespan. They never established a system for determining when certificates needed to be renewed or checked to see if they were about to expire, which might result in disruptions connected to certificates. Teams were eventually able to establish a routine and check for certificate expirations regularly thanks to the eventual reduction of certificate life to 398 days.

The visibility of TLS (also known as Secure Sockets Layer or SSL) certificates is crucial as businesses grow in the cloud. Additionally, teams need help managing the layered, increasingly complicated environments on the cloud. With the new validity period under consideration, the focus is now on automating the procedure.
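As an added illustration (not part of the original post), the following sketch audits a certificate inventory against the 398-day limit and the proposed 90-day limit, and flags certificates that are due for renewal. The hostnames and dates are constructed, and renewing once one third of the lifetime remains is an assumed policy, not something the proposal prescribes.

```python
import ssl
from datetime import datetime, timedelta, timezone

PROPOSED_MAX_DAYS = 90   # validity period in the proposal described above
CURRENT_MAX_DAYS = 398   # validity limit in force since July 2020

# Constructed inventory: hostnames and dates are made up. The date strings use
# the format that ssl.SSLSocket.getpeercert() returns for notBefore/notAfter.
SAMPLE_INVENTORY = [
    {"host": "shop.example.test",
     "notBefore": "Mar 15 00:00:00 2024 GMT", "notAfter": "Jun 13 00:00:00 2024 GMT"},
    {"host": "intranet.example.test",
     "notBefore": "Jan 10 00:00:00 2024 GMT", "notAfter": "Feb 11 00:00:00 2025 GMT"},
    {"host": "old-api.example.test",
     "notBefore": "Feb  1 00:00:00 2024 GMT", "notAfter": "May  1 00:00:00 2024 GMT"},
    {"host": "api.example.test",
     "notBefore": "May 20 00:00:00 2024 GMT", "notAfter": "Aug 18 00:00:00 2024 GMT"},
    {"host": "camera.example.test",
     "notBefore": "Jun  1 00:00:00 2023 GMT", "notAfter": "Jun  1 00:00:00 2025 GMT"},
]
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the sample


def parse_cert_time(text):
    """Convert a getpeercert()-style timestamp into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def audit_certificates(inventory, now, renew_fraction=1 / 3):
    """Return {host: {"lifetime_days", "days_left", "flags"}} for each certificate.

    renew_fraction is an assumed policy: renew once that share of the
    certificate's total lifetime is all that remains.
    """
    report = {}
    for cert in inventory:
        start = parse_cert_time(cert["notBefore"])
        end = parse_cert_time(cert["notAfter"])
        lifetime = end - start
        remaining = end - now
        flags = []
        if remaining <= timedelta(0):
            flags.append("EXPIRED")
        elif remaining <= lifetime * renew_fraction:
            flags.append("RENEW_NOW")
        if lifetime > timedelta(days=CURRENT_MAX_DAYS):
            flags.append("OVER_398_DAYS")   # longer than browsers accept today
        elif lifetime > timedelta(days=PROPOSED_MAX_DAYS):
            flags.append("OVER_90_DAYS")    # valid today, too long under the proposal
        report[cert["host"]] = {
            "lifetime_days": lifetime.days,
            "days_left": remaining.days,
            "flags": flags,
        }
    return report


if __name__ == "__main__":
    for host, result in audit_certificates(SAMPLE_INVENTORY, SAMPLE_NOW).items():
        print(f"{host:24} {result}")
```

Because the renewal threshold scales with the certificate's lifetime, the same check keeps working if the maximum validity drops from 398 to 90 days.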

The complete impact of Chromium Projects’ proposal is yet to be defined. A few issues appear unresolved, such as whether it would apply to Internet of Things devices that also require certificates (security cameras, for instance), or whether it is restricted to Web servers.

Regardless of the outcome of the plan, it captures the realities of the current environment. While a shorter certificate lifespan is beneficial, businesses will need to reconsider how they will manage them effectively.  

Atomic macOS Malware: New Malware Steals Credit Card Credentials in Chrome


A brand-new malware has apparently been targeting macOS. The malware, according to BleepingComputer, is named “Atomic” and was being sold to cybercriminals in darknet markets for $1,000 a month. 

This ill-intentioned subscription provides a victim management UI that is simple to use and gives malicious actors access to very sensitive information, such as keychain passwords, cookies, files from local computers, and other information that may put victims in serious trouble.

What is Atomic Capable of? 

While Atomic is an information-stealing malware, it can also leave its victims much poorer. When cybercriminals buy Atomic, they receive a DMG file with a 64-bit Go-based malware program that can steal credit card information from browsers. This covers Yandex, Opera, Vivaldi, Microsoft Edge, Mozilla Firefox, and Google Chrome.

After gaining access to a victim's Mac, Atomic may show a bogus password window asking users to enter their system passwords. As a result, attackers can access the target's macOS computer and cause havoc. 

Moreover, due to the activities of Atomic, cryptocurrency holders are particularly vulnerable. More than 50 well-known cryptocurrency extensions, including Metamask and Coinbase, are intended targets of this macOS malware. 

Atomic, unfortunately, has a tendency to go unnoticed. Only one of 59 anti-virus scanners flagged it as malicious.

How can you Protect Yourself from Atomic macOS Malware? 

Thankfully, Atomic will not be hiding in any official macOS services. Atomic is disseminated by phishing emails, laced torrents, and social media posts by nefarious buyers. Some even use the influence of black SEO to lure Google users into downloading malicious software that poses as legitimate software. 

In case you are a crypto holder, it is best advised to use a well-known crypto hardware wallet in order to protect yourself from digital-asset thieves. Moreover, it has also been advised to not use software wallets, since that way valuable virtual currencies are majorly exposed. 

It has also been recommended to online users to remove their credit card information from Google Chrome by navigating to Settings > Autofill > Payment Methods. Tap on the three-dotted icons next to your credit cards and click on "Turn off virtual card." Go to pay.google.com, select Payment Methods, and then click "Remove" next to your credit cards to take things a step further.  

Clipper Virus: 451 PyPI Packages Deploy Chrome Extensions to Steal Crypto


Threat actors have recently released more than 451 distinct Python packages on the official Python Package Index (PyPI) repository in an effort to infect developer systems with the clipper virus. 

The libraries were discovered by software supply chain security firm Phylum, which said the ongoing activity is a continuation of a campaign that was first made public in November 2022. 

How Did Threat Actors Use Typosquatting? 

In an initial finding, it was discovered that popular packages including beautifulsoup, bitcoinlib, cryptofeed, matplotlib, pandas, pytorch, scikit-learn, scrapy, selenium, solana, and tensorflow were being mimicked via typosquatting. 

For each of the aforementioned, the threat actors deploy between 13 and 38 typosquatting variations in an effort to account for a wide variety of potential mistypes that could lead to the download of the malicious package. 
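One way to catch such near-miss names before installation is to compare every dependency against the packages being impersonated. The following is an added example, not code from Phylum or the original post: the protected list comes from the package names above, while the requirement names, the distance thresholds and the allowlist are assumptions.

```python
import re

# Package names the article lists as typosquatting targets.
PROTECTED = [
    "beautifulsoup", "bitcoinlib", "cryptofeed", "matplotlib", "pandas",
    "pytorch", "scikit-learn", "scrapy", "selenium", "solana", "tensorflow",
]

# Constructed requirement names, as they might appear in a requirements file.
SAMPLE_REQUIREMENTS = [
    "pandas", "pandsa", "selenuim", "tensorflw", "scrappy",
    "scipy", "requests", "scikit_learn", "beautifulsoup4",
]


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "pandsa" -> "pandas".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def max_distance(protected_name):
    """Assumed threshold: short names tolerate one edit, longer names two.
    A tighter bound on short names avoids flagging e.g. scipy vs scrapy."""
    return 1 if len(protected_name) < 8 else 2


def find_typosquats(requirements, protected=PROTECTED, allowlist=()):
    """Return {requirement: protected name it resembles} for near misses."""
    protected_norm = [normalize(p) for p in protected]
    allowed = {normalize(a) for a in allowlist}
    suspects = {}
    for req in requirements:
        name = normalize(req)
        if name in protected_norm or name in allowed:
            continue  # exact match or explicitly vetted name
        closest, closest_d = None, None
        for target in protected_norm:
            d = osa_distance(name, target)
            if d <= max_distance(target) and (closest_d is None or d < closest_d):
                closest, closest_d = target, d
        if closest is not None:
            suspects[name] = closest
    return suspects


if __name__ == "__main__":
    # beautifulsoup4 is a legitimate name one edit away from a protected one,
    # so it has to be vetted and allowlisted by hand.
    print(find_typosquats(SAMPLE_REQUIREMENTS, allowlist=["beautifulsoup4"]))
```

A hit only means the name deserves a manual look; legitimate packages can sit within one edit of a popular name.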

In order to evade detection, the malicious actors deployed a new obfuscation tactic that was not used in the November 2022 wave. They are now using random 16-bit combinations of Chinese ideographs for function and variable identifiers.

Researchers at Phylum emphasized that the code makes use of the built-in Python functions and a series of arithmetic operations for the string generation system. This way, even if the obfuscation produces a visually striking outcome, it is not extremely difficult to unravel. 

"While this obfuscation is interesting and builds up extremely complex and highly obfuscated looking code, from a dynamic standpoint, this is trivial[…]Python is an interpreted language, and the code must run. We simply have to evaluate these instances, and it reveals exactly what the code is doing,” reads a Phylum report. 

Malicious Browser Extensions 

To take control of cryptocurrency transactions, the malicious PyPI packages create a malicious Chromium browser extension in the ‘%AppData%\Extension’ folder, similar to the November 2022 attacks.

It then looks for Windows shortcuts pertaining to Google Chrome, Microsoft Edge, Brave, and Opera, followed by hijacking them to load the malevolent browser extension using the '--load-extension' command line argument. 

For example, a Google Chrome shortcut would be hijacked to "C:\Program Files\Google\Chrome\Application\chrome.exe --load-extension=%AppData%\\Extension". 
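From the defender's side, the shortcut modification described above can be hunted for by reviewing shortcut targets for the '--load-extension' argument. The following is an added example, not part of the original post: it assumes the shortcut targets have already been exported as text by an inventory tool, the sample targets are constructed, and the executable names and user-writable path markers are assumptions.

```python
import re

# Executable names assumed for the four browsers the article names.
BROWSER_EXES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}

# Locations a non-admin process can write to (assumed markers, lowercase).
USER_WRITABLE_MARKERS = (
    "%appdata%", "%localappdata%", "%temp%", "%userprofile%", "\\users\\",
)

EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)
LOAD_EXT_RE = re.compile(r'--load-extension(?:=|\s+)("[^"]*"|\S+)', re.IGNORECASE)

# Constructed shortcut targets. The first is the example from the article;
# the others are made up for contrast.
SAMPLE_SHORTCUTS = {
    "Google Chrome.lnk":
        r'C:\Program Files\Google\Chrome\Application\chrome.exe --load-extension=%AppData%\\Extension',
    "Microsoft Edge.lnk":
        r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"',
    "Brave.lnk":
        r'"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --profile-directory=Default',
    "Chrome (dev).lnk":
        r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="D:\src\my extension"',
}


def normalize_path(path):
    """Strip quotes, collapse repeated backslashes and lowercase the path."""
    return re.sub(r"\\+", r"\\", path.strip().strip('"')).lower()


def find_extension_sideloads(shortcuts):
    """Return one finding per extension path loaded by a browser shortcut."""
    findings = []
    for name, target in shortcuts.items():
        exe = EXE_RE.search(target)
        if not exe or exe.group(1).lower() not in BROWSER_EXES:
            continue  # not a browser shortcut
        for match in LOAD_EXT_RE.finditer(target):
            # The switch accepts a comma-separated list of directories.
            for raw in match.group(1).strip('"').split(","):
                path = normalize_path(raw)
                if not path:
                    continue
                findings.append({
                    "shortcut": name,
                    "browser": exe.group(1).lower(),
                    "extension_path": path,
                    # Highest priority: extension loaded from a user-writable folder.
                    "user_writable": any(m in path for m in USER_WRITABLE_MARKERS),
                })
    return findings


if __name__ == "__main__":
    for finding in find_extension_sideloads(SAMPLE_SHORTCUTS):
        print(finding)
```

Any hit on a non-developer machine is worth investigating; hits flagged `user_writable` match the pattern this campaign uses.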

After the web browser is launched, the extension will load, and malicious JavaScript will monitor for cryptocurrency addresses copied to the Windows clipboard. When a crypto address is found, the browser extension will swap it out for a list of addresses that are hardcoded and under the control of the threat actor. By doing this, any sent cryptocurrency transaction funds will be sent to the wallet of the threat actor rather than the intended receiver. 

By including cryptocurrency addresses for Bitcoin, Ethereum, TRON, Binance Chain, Litecoin, Ripple, Dash, Bitcoin Cash, and Cosmos in this new campaign, the threat actor has increased the number of wallets that are supported. 

These findings illustrate the ever-emerging threats that developers face from supply chain attacks, with threat actors inclining to methods like typosquatting to scam users into installing fraudulent packages.  

Change These Settings to Prevent Your Android From Tracking You

 


You are being watched at every turn in today's connected world. Different kinds of apps and websites track and collect your data for a wide range of purposes, both personal and commercial. For example, Apple uses your data to process your transactions, Twitter uses it to serve you relevant advertisements, and Life360 uses it to improve its location services.

Some apps and websites use your personal information for the greater good, but not all of them do, so it is always a wise idea to protect your privacy as much as possible.

The steps below are designed to help you stop your Android device from tracking you if you are using one. This includes deleting your web and app activity history, turning off your apps' location access, and disabling unnecessary location settings. 

By taking advantage of your location history 

The GPS feature of your Android phone is probably the most powerful way to track your location when using the phone. By signing into your Google account and allowing Location History to be enabled, Google can keep track of every place you visit when you are signed in. Several benefits can be gained from it, such as personalized maps, traffic reports, and the ability to find your phone when it is lost. These can enhance your experience in many ways. 

On the other hand, if you do not want Google following you everywhere, you can turn off location history. Here are the steps you need to follow to do so: 

  • Open the Settings app on your mobile device.
  • Open the Google search engine.
  • On the Google Account page, tap on "Manage your Google Account."
  • Click on the tab labeled "Data & privacy."
  • Next, below the History settings, select Location History. 
  • After that tap the "Turn off" button. 
  • Eventually, a dialog box will pop up, tap on "Pause". 

You can also delete your Location History if you wish, removing data from the last 3, 18, or 36 months.

You can set up Google to automatically delete your Location History by following these steps:

  • Open Google Maps. 
  • Click on your profile icon. 
  • Select the timeline you wish to delete. 
  • Towards the top-right corner, click on the More icon (three vertical dots). 
  • Select "Settings and privacy" from the menu.
  • Under "Location settings," choose "Automatically delete Location History." 
  • Select "Auto-delete activity older than." 
  • From the drop-down menu, choose either three, 18, or 36. 
  • Tap Next. 
  • Select Confirm. 
  • Tap on the "Got it" button to exit. 

Data that is older than the specified number of months will be automatically deleted from your account within the next few days.

Tracing web and app activity 

Location History is not the only setting on your phone that can save your location. Web & App Activity records the same information and a lot more. When Web & App Activity is enabled in your Google Account, the saved data includes the information you have entered, your location, your IP address, the ads you clicked, and even the things you have purchased (via Google). The following steps will guide you through the process of turning off this setting:

  • Launch your Settings app. 
  • Scroll down and tap on Google. 
  • Select "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under "History settings," select "Web & App Activity." 
  • Click the "Turn off" button to disable Web & App Activity. 
  • Tap on Pause.
  • Click "Got it" to exit. 
  • Back on the "Web & App Activity" page, tap on the "Choose an auto-delete option" to automatically delete saved data. 
  • Select "Auto-delete activity older than."
  • From the drop-down menu, choose whether to delete saved data older than three, 18, or 36 months.
  • Click on Next. 
  • Select Confirm. 
  • Tap on "Got it" to exit. 

Update your location settings 


In addition to blocking Google from saving your location, you should also change your phone's own location settings. The settings you can turn off include the following:

Location

Scanners that help you locate nearby Wi-Fi and Bluetooth devices: The phone can detect nearby Wi-Fi and Bluetooth devices so it can get better location information based on their locations.

Location Services for Emergency Responses: Provides emergency responders with the ability to pinpoint your location when an emergency occurs.

Google Location Accuracy: Uses the sensors on your phone, Wi-Fi, and your mobile network to improve the location information provided by your phone.

The steps listed below will guide you through the process of managing these settings (via Google): 

  • Launch the Settings app. 
  • Select Location. 
  • Toggle the slider off for "Use location" on top of the screen. 
  • Select "Wi-Fi and Bluetooth sharing." 
  • Turn off the sliders for both "Wi-Fi scanning" and "Bluetooth scanning." 
  • Return to the Location screen by clicking the Back button.
  • Select Advanced.
  • Tap on Emergency Location Service. 
  • Toggle the slider off if you prefer to do so. 
  • Return to the Location screen. 
  • Tap on Google Location Accuracy. 
  • Toggle the slider off next to "Improve Location Accuracy." 

Edit your device's permissions 

The majority of apps, if not all, request location access so that they can give you the best possible experience. Facebook, for example, uses your location so that it can automatically be included when you post, and to help you find nearby places and receive relevant ads.

By navigating to settings > Location > App access to location (via Google), you will be able to see which apps have access to your location and how they do it. The apps here fall under three categories: permitted all the time, permitted only while in use, and not permitted at all. If you have apps under "allowed all the time" and "available only while in use" that you want to remove location access to, simply tap the app. Then, select "Don't allow." 

On Android 12, each app also has a "Use precise location" toggle. When it is enabled, the app uses your exact location. When you switch it off, the app sees only your approximate location instead of your exact one: your location will appear to be somewhere within a radius of three kilometers of the actual location of the device.

Check your Google Chrome settings 

While browsing the internet, you will often come across websites that wish to know where you are located. This can be helpful in some cases. A hardware retailer's website, for example, can use the location you provide to display the hardware store closest to you.

You can check what websites currently have access to your location from your Google Chrome (via Google).

  • Launch the app. 
  • Tap on the More icon (three vertical dots) in the top-right corner of the screen. 
  • Select Settings. 
  • Scroll down to the "Advanced" section. 
  • Tap on Site settings. 
  • Select Location. 
  • Expand the "Allowed" section to check all the apps that can see your location. 

To remove a site's location access, simply tap on the site and then select the Block option from the drop-down menu. You can also turn off the location-sharing feature of Google Chrome to prevent it from tracking your location at all. With this feature disabled, you do not share your location with any sites you visit. Alternatively, if you are particularly concerned about the security of your data, you can consider switching to Tor or Firefox as alternative Android browsers.

The advertising ID should be turned off

In today's world, ads are becoming more and more sophisticated. After researching plaid skirts one day, the next day you will be bombarded with advertisements for plaid skirts that you have never seen before. The ads online act as if they are watching every move you make and know exactly what you like before they ever reach your computer. Here, you will find instructions on how to disable this feature on your Android device (via Google). 

  • Launch your Settings app. 
  • Open Google.
  • Tap on "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under Ad settings, tap on "Ad personalization." 
  • Toggle off the slider next to "Ad personalization is ON." 
  • Select Turn off in the pop-up box. 
  • Tap on "Got it" to exit. 

However, disabling ad personalization does not mean you will stop seeing ads moving forward. They will still be there, but the upside is that they will only be general ads, not creepy personalized ones. 

If you disable ad personalization from your device, you may still see ads in the future despite disabling them.

Remove These Malicious Chrome Extensions With 1 Million Downloads

 


An extension for your browser can enhance your online experience in several ways. Extensions can assist you with translations, conversions, spellchecking, shopping, and blocking popup ads. You can customize your browsing experience using these extensions, and you may even be able to alter the way websites are displayed. Dark mode is one example of the many popular extensions available for Chrome.

It is imperative to remember that not all extensions are safe. By giving them access to information such as your personal data, you are giving them a lot of power.

Although some extensions store this data for convenience, others use it to track you or launch a cyberattack against your computer. A malicious Chrome extension was recently reported to have been downloaded 1.4 million times since it first appeared on our site.

The cybersecurity firm Guardio Labs reports a newly discovered malicious advertising campaign in which Chrome extensions are used to hijack web searches and embed affiliate links into the other websites you visit.

The company's security researchers have dubbed this advertising campaign "Dormant Colors" since all of the malicious extensions in question offer color customization options for Chrome. However, the extensions themselves do not include malicious code when installed. This is how they were able to bypass Google’s security checks and end up on the Chrome Web Store in the first place.

Extensions for Google Chrome - Dormant Colors

Following a thorough investigation into this matter by Guardio, it was found that there were thirty different versions of these malicious browser extensions available on both the Chrome and Edge web stores, with more than a million installations altogether. They have been removed from both web stores, as we mentioned before, but just in case, here is a complete list of all the products that have been removed:

• Action Colors 
• Power Colors 
• Nino Colors 
• More Styles 
• Super Colors 
• Mix Colors 
• Mega Colors 
• Get colors 
• What color 
• Single Color 
• Colors scale 
• Style flex 
• Background Colors 
• More styles 
• Change Color 
• Dood Colors 
• Refresh color 
• Imginfo 
• WebPage Colors 
• Hex colors 
• Soft view 
• Border colors 
• Colors mode 
• Xer Colors 

Explanation of how to remove Chrome extensions manually

The malicious extensions listed above have since been removed from the stores, but you may need to remove them from your browser manually. Click on the three dots menu at the top right-hand corner of your Chrome browser, then click 'More' to reach the More tools section, where you will be able to access Extensions.

Making money by hijacking your browser to make money from clicks on the ads 

The cybercriminals behind this campaign use ads and redirects to trick unsuspecting users into installing their malicious extensions. This is done when they visit sites that offer the opportunity to play videos or download files. This is done so that they can then go one step further and download malicious extensions. 

There are two sites where you can watch videos or download programs. However, when you click the videos or download programs link, you are redirected to another site that requires you to add an extension before you can continue. It is quite likely that you will be prompted to install a color-changing extension when you click either the 'OK' button or the 'Continue' button. This extension initially seems harmless on the surface. 

The problem with these extensions is that, once installed, they redirect users to pages that side-load malicious scripts. These scripts tell the extensions how to perform search hijacking and on which sites affiliate links can be inserted to generate affiliate revenue. The creator of these malicious extensions earns a lot of money from these advertisements and from search data, which is sold to third parties for profit.

It is also possible to use these Dormant Colors extensions for automatic redirects to the same page with affiliate links added to the URL of each page instead of redirecting users to an entirely different page. Whenever anyone purchases an extension on any of these sites, the developers of such an extension will receive a commission for their work. 

Guardio, in a blog post, says that the malicious extension campaign may have the potential to spread further over the coming weeks. "As this campaign continues to run, it is shifting domains, generating a wide assortment of extensions, and re-inventing several color-and-style-changing functions you are sure to be able to do without."

It is also worth mentioning that the code injection technique analyzed here provides the mitigation and evasion measures necessary to contribute to further malicious activities in the future, especially since it is a huge infrastructure for mitigation and evasion. 

The most effective way to keep your browser from getting infected by malicious extensions 

The most appropriate time to make sure you have an effective antivirus solution installed on your laptop or PC is before you add any additions to your browser, especially if you plan on adding any new extensions to it. In this way, you will be able to protect yourself against malware infection or having your personal information stolen and misused. 

Additionally, when you install any extensions, be sure to only use trusted sources, such as the Chrome Web Store or the Microsoft Edge Add-ons store, as these are both reliable sources. The fact that malicious extensions do slip through the cracks from time to time does not change the fact that you are still safer when you install browser extensions from an official store rather than from the web.

Additionally, you should always ask yourself whether or not you need an extension before downloading it. Do you need it, or do you just want to use it? When you come across an extension that seems too good to be true, then you can be certain that it is and is not worth downloading. In addition to checking the extensions in your browser regularly, you might also want to consider adding new ones. 

You need to regularly take a look at the extensions you have installed in your browser and make sure they are still relevant. Delete any of these that you no longer need. Also, keep an eye out for any new ones you may not have noticed you have added without your knowledge. Using browser extensions, you can add all kinds of new features and options to your browser that are not available in its built-in functionality. 

Sophos: Employing Stolen Session Cookies to Navigate MFA & Access Networks

Hackers on the internet keep getting better. Stealing cookies from recently completed or ongoing web sessions is one new strategy they have been employing to avoid multi-factor authentication (MFA). 

Recently, Sophos researchers reported a new attack technique that is already becoming more prevalent. According to the researchers, the "cookie-stealing cybercrime spectrum" is vast, encompassing entry-level hackers as well as sophisticated rivals who employ a variety of strategies. 

On dark web forums, cybercriminals purchase stolen credentials in bulk or collect cookies. Because ransomware groups exploit genuine executables, both those that are already present and those that are added as tools, 'their operations may not be detected by simple anti-malware defenses.'

Cookie theft

Cookies are used by cloud infrastructures as well for user authentication. It's becoming simpler for entry-level attackers to engage in credential theft thanks to the malware-as-a-service sector. 

For instance, all they need to do is purchase a copy of an information-stealing Trojan like Raccoon Stealer to bulk collect information like cookies and passwords and then sell them on illicit markets like Genesis. Once this data is purchased, other criminals in the attack chain, such as ransomware developers, can search through it for anything they think would help their attacks. 

In contrast, in two of the most recent events that Sophos studied, the attackers adopted a more focused strategy. In one event, the hackers spent months inside a target's network in order to collect cookies from the Microsoft Edge browser. After the initial compromise occurred via an exploit kit, the attackers used Cobalt Strike and Meterpreter activity to abuse a legitimate compiler tool in order to scrape access tokens.

The attackers dropped a malicious payload that scraped cookie files for a week using a legitimate Microsoft Visual Studio component.

"Although mass cookie theft has been an issue, hackers are using a far more focused and efficient method to steal cookies. There is no limit to the kinds of nefarious activities attackers might engage in with stolen session cookies now that so much of the workplace is web-based. Hackers have the power to alter cloud infrastructures, corrupt corporate email, persuade other staff members to download malware, and even modify product code. Their own imagination is their only constraint," said Sean Gallagher, principal threat researcher at Sophos.

Cookies Access Systems Against Safety Protocols

According to Digital Trends, hackers are able to abuse different online tools and services as a result of cookie theft. This exploitation can occur in browsers, web-based programs, web services, malware-infected emails, and ZIP files. Since cookies are so popular, hacking with them is a sophisticated practice.

Sophos lists the Emotet botnet as one cookie-stealing virus that preys on data in the Google Chrome browser. Its objectives are acquiring credit card data and saved logins. Even if the browser is encrypted and uses multifactor authentication, the Emotet botnet can still gather login information.

Ransomware organizations also gather cookies. Because hackers exploit genuine executables, both those already present and those brought in as tools, simple anti-malware defenses are unable to detect their actions, according to eSecurity Planet.

New Emotet Variant Capturing Users' Credit Card Data from Google Chrome

 

The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to capture credit card information from Google Chrome user accounts. 

After obtaining credit card information (such as name, expiration month and year, and card numbers), the malware will transfer it to command-and-control (C2) servers that are not the same as those used by the Emotet card stealer module. 

The Proofpoint Threat Insights team said, "On June 6th, Proofpoint observed a new Emotet module being dropped by the E4 botnet. To our surprise, it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader." 

This shift in behaviour follows an increase in activity in April and a move to 64-bit modules, as discovered by the Cryptolaemus security research group. One week later, Emotet began using Windows shortcut files (.LNK) to run PowerShell instructions on victims' devices, abandoning Microsoft Office macros, which were disabled by default beginning in early April 2022. 

The re-emergence of Emotet malware:

The Emotet malware was created in 2014 and used in attacks as a banking trojan. It has since developed into a botnet used by the TA542 threat group (also known as Mummy Spider) to deliver second-stage payloads.

It also enables its operators to steal user data, conduct reconnaissance on compromised networks, and move laterally to susceptible devices. Emotet is known for deploying Qbot and Trickbot trojan payloads on infected PCs, which are then used to spread more malware, such as Cobalt Strike beacons and ransomware like Ryuk and Conti. Emotet's infrastructure was taken down in early 2021 as part of an international law enforcement operation that also resulted in the arrest of two people.

When Emotet research organisation Cryptolaemus, computer security firm GData, and cybersecurity firm Advanced Intel all spotted the TrickBot malware being used to deliver an Emotet loader in November 2021, the botnet returned utilising TrickBot's previously established infrastructure.

According to ESET, Emotet's activity has increased more than 100-fold since the beginning of the year compared with T3 2021.

Spook.js: Chrome is Threatened by a New Spectre Like Attack

 

A newly found side-channel attack targeting Google Chrome might allow an attacker to use a Spectre-style attack to bypass the web browser's security protections and extract sensitive information. Spook.js is a novel transient execution side-channel attack that specifically targets Chrome. Despite Google's efforts to mitigate Spectre by deploying Strict Site Isolation, malicious JavaScript code can still extract information in some instances.

An attacker-controlled webpage can learn which other pages from the same website a user is presently viewing, collect sensitive information from these pages, and even recover auto-filled login credentials (e.g., username and password). If a user downloads a malicious extension, the attacker may obtain data from Chrome extensions (such as credential managers). 

Spectre, which made news across the world in 2018, exploits weaknesses in the optimization features of contemporary CPUs to get around security measures that prevent separate programs from accessing one another's memory space. By attacking how different applications and processes interact with processors and on-chip memory, it enabled a wide range of attacks against different types of applications, including web apps, and allowed attackers to steal sensitive information across several websites.

In response, Google Chrome implemented Strict Site Isolation, which prevents multiple web pages from sharing the same process. It also divided each process's address space into separate 32-bit sandboxes (despite being a 64-bit application).

Site Isolation is a Chrome security feature that provides extra protection against some sorts of security vulnerabilities. It makes it more difficult for websites that aren't trustworthy to get access to or steal information from your accounts on other websites.

Despite these safeguards, Spook.js, according to researchers from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, "shows that these countermeasures are insufficient in order to protect users from browser-based speculative execution attacks." 

“More specifically, we show that Chrome’s Strict Site Isolation implementation consolidates webpages based on their eTLD+1 domain, allowing an attacker-controlled page to extract sensitive information from pages on other subdomains,” they said. "Next, we also show how to bypass Chrome’s 32-bit sandboxing mechanism. We achieve this by using a type confusion attack, which temporarily forces Chrome’s JavaScript engine to operate on an object of the wrong type."

“Web developers can immediately separate untrusted, user-supplied JavaScript code from all other content for their website, hosting all user-supplied JavaScript code at a domain that has a different eTLD+1," the study recommended. “This way, Strict Site Isolation will not consolidate attacker-supplied code with potentially sensitive data into the same process, putting the data out of reach even for Spook.js as it cannot cross process boundaries."
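The eTLD+1 consolidation the researchers describe, and their advice to host user-supplied JavaScript under a different eTLD+1, can be checked mechanically. The following is an added example, not code from the Spook.js study or from Chrome; the function names, the sample origins and the small Public Suffix List subset are constructed for illustration, and a real audit would load the full list from publicsuffix.org.

```javascript
// Constructed subset of the Public Suffix List (PSL), for illustration only.
// "*.ck" is a wildcard rule and "!www.ck" an exception rule, both real PSL entries.
const PSL_SUBSET = ["com", "net", "uk", "co.uk", "*.ck", "!www.ck"];

// Number of trailing labels that form the public suffix of a hostname.
// PSL algorithm: an exception rule wins outright, otherwise the longest
// matching rule wins, and the implicit rule "*" applies if nothing matches.
function publicSuffixLabels(labels, rules) {
  let best = 1; // implicit "*" rule: the last label alone is the suffix
  for (const rule of rules) {
    const isException = rule.startsWith("!");
    const ruleLabels = (isException ? rule.slice(1) : rule).split(".");
    if (ruleLabels.length > labels.length) continue;
    const tail = labels.slice(labels.length - ruleLabels.length);
    const matches = ruleLabels.every((r, i) => r === "*" || r === tail[i]);
    if (!matches) continue;
    if (isException) return ruleLabels.length - 1; // drop the leftmost rule label
    best = Math.max(best, ruleLabels.length);
  }
  return best;
}

// Registrable domain (eTLD+1) of a hostname, or null when there is none
// (IP literals, or a hostname that is itself a public suffix).
function etldPlusOne(hostname, rules = PSL_SUBSET) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  if (host.includes(":") || /^\d+(\.\d+){3}$/.test(host)) return null;
  const labels = host.split(".");
  const n = publicSuffixLabels(labels, rules);
  if (labels.length <= n) return null;
  return labels.slice(-(n + 1)).join(".");
}

// Key used to decide whether two pages may be consolidated into one process.
// The page describes consolidation by eTLD+1; Chrome's "site" also includes
// the scheme, so it is kept in the key here.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${etldPlusOne(u.hostname) ?? u.hostname}`;
}

// Return every sensitive origin that shares a site with the origin serving
// user-supplied JavaScript. An empty result means the recommendation quoted
// above is satisfied for the listed origins.
function auditUserScriptHost(sensitiveOrigins, userScriptOrigin) {
  const userSite = siteOf(userScriptOrigin);
  return sensitiveOrigins.filter((origin) => siteOf(origin) === userSite);
}

// Constructed sample deployment.
const SENSITIVE = ["https://accounts.example.com", "https://mail.example.com"];

// Weak layout: user scripts on a subdomain of the same eTLD+1.
const weak = auditUserScriptHost(SENSITIVE, "https://userjs.example.com");
// Corrected layout: user scripts on a separate registrable domain.
const fixed = auditUserScriptHost(SENSITIVE, "https://example-usercontent.net");

console.log("shares a site (weak layout):", weak);
console.log("shares a site (corrected layout):", fixed);
```

A subdomain such as `userjs.example.com` gives a separate origin but not a separate site, which is why the weak layout reports both sensitive origins.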

Chrome 92 Update by Google Patches 10 High Severity Vulnerabilities

 

Chrome 92 (92.0.4515.131), the Google security update issued for Windows, Mac, and Linux, has patched at least 10 vulnerabilities. Chrome 92 is an update that improves the efficiency of the browser's phishing detection, extends the scope of its site isolation technology, and adds a few new 'Chrome Actions' to the repertoire.

The California-based search giant has awarded over $133,000 in rewards to users who identified some 35 vulnerabilities addressed in Chrome 92. At least 9 of the flaws were categorized as high severity, the current highest threat level from Google.

Researchers Leecraso and Guang Gong of the 360 Alpha Lab team at Chinese cybersecurity company Qihoo 360 won $20,000 for detecting a high-severity vulnerability identified as CVE-2021-30590. Google described the issue as a buffer overflow in Bookmarks.

Leecraso told SecurityWeek that CVE-2021-30590 is a sandbox escape issue that could be "exploited with an extension or a compromised renderer." An attacker can exploit the flaw to remotely execute code outside Chrome's sandbox. Because it is an out-of-bounds write, the vulnerability could be leveraged to break out of the browser's sandbox, and exploitation would only require the user to download the extension.

Google Chrome Sandbox is a development and test environment for developers of Google Chrome-based applications. The sandbox environment provides test and staging infrastructure in which code can be tested without modifying current code and databases.

Two vulnerabilities uncovered by researcher David Erceg have also been rated high severity. CVE-2021-30592, characterized as an out-of-bounds write in Tab Groups, earned him $10,000, while CVE-2021-30593, defined as an out-of-bounds read bug in Tab Strips, earned him a $5,000 bug reward.

“CVE-2021-30592 would require a malicious extension to be installed,” Erceg told SecurityWeek. “As for CVE-2021-30593,” he added, “it would be easier to trigger with an extension, though a web page could trigger the behavior under some more restricted circumstances. The impact is similar to CVE-2021-30592, in that an attacker could potentially escape the sandbox if they could set up memory in the appropriate way before the out-of-bounds read occurs. This issue could also be exploited on its own, but it does require some more specific interaction from the user.” 

CVE-2021-30591, a use-after-free flaw in the File System API, is yet another high-severity vulnerability, for which Google paid out $20,000. It was reportedly discovered by researcher SorryMybad of Kunlun Lab.

It is worth noting that Google pays up to $20,000 for Chrome sandbox escape vulnerabilities disclosed in a high-quality report. If researchers additionally offer a functioning exploit, they can receive up to $30,000 for such flaws.

Consumers must upgrade Chrome as soon as possible, given that the web browser seems to be increasingly targeted for malicious activity. It is worth noting that this year, Google fixed over half a dozen zero-day vulnerabilities that were being actively exploited.

XCSSET, a MacOS malware, Targets Google Chrome and Telegram Software

 

As part of further "refinements in its tactics," a malware notorious for targeting the macOS operating system has been updated to add more elements to its toolset that allow it to accumulate and exfiltrate sensitive data saved in a range of programmes, including apps like Google Chrome and Telegram. This macOS malware can collect login credentials from a variety of apps, allowing its operators to steal accounts. 

XCSSET was discovered in August 2020, when it was found to be targeting Mac developers using an unusual method of propagation that entailed injecting a malicious payload into Xcode IDE projects, which is executed when the project files are built in Xcode. XCSSET collects files containing sensitive information from infected computers and delivers them to the command and control (C2) server. 

Telegram, an instant messaging service, is one of the apps that has been attacked. The virus produces the “telegram.applescript” archive in the Group Containers directory for the “keepcoder.Telegram” folder. By obtaining the Telegram folder, the hackers are able to log into the messaging app as the account's legitimate owner. The attackers gain access to the victim's account by moving the stolen folder to another machine with Telegram installed, according to Trend Micro researchers. Because normal users have read and write permissions to the Application sandbox directory, XCSSET can steal sensitive data this way.

The malware can read and dump Safari cookies, inject malicious JavaScript code into multiple websites, steal information from programmes like Notes, WeChat, Skype, and Telegram, and encrypt user files, among other things. Earlier this month, XCSSET received an update that allowed malware developers to target macOS 11 Big Sur as well as Macs with the M1 chipset by getting beyond Apple's new security standards in the current operating system. 

"The malware downloads its own open tool from its C2 server that comes pre-signed with an ad-hoc signature, whereas if it were on macOS versions 10.15 and lower, it would still use the system's built-in open command to run the apps," Trend Micro researchers previously noted. 

According to a new report released by the cybersecurity firm on Thursday, XCSSET uses a malicious AppleScript file to compress the Telegram data folder ("/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram") into a ZIP archive file before uploading it to a remote server under their control, allowing the threat actor to log in using the victim's account. 

"The discovery of how it can steal information from various apps highlights the degree to which the malware aggressively attempts to steal various kinds of information from affected systems," the researchers said.

With Safari Zero-Day Attacks, Russian SVR Hackers Targeted LinkedIn Users

 

Google security experts revealed details on four zero-day vulnerabilities that were undisclosed until they were exploited in the wild earlier this year. After discovering exploits leveraging zero-day vulnerabilities in Google Chrome, Internet Explorer, and WebKit, the engine used by Apple's Safari web browser, Google Threat Analysis Group (TAG), and Google Project Zero researchers discovered the four security issues. 

CVE-2021-21166 and CVE-2021-30551 in Chrome, CVE-2021-33742 in Internet Explorer, and CVE-2021-1879 in WebKit were the four zero-day exploits found by Google researchers earlier this year while being abused in the wild. "We tie three to a commercial surveillance vendor arming govt backed attackers and one to likely Russian APT," Google Threat Analysis Group's Director Shane Huntley said. "Halfway into 2021, there have been 33 0-day exploits used in attacks that have been publicly disclosed this year — 11 more than the total number from 2020," Google researchers added. "While there is an increase in the number of 0-day exploits being used, we believe greater detection and disclosure efforts are also contributing to the upward trend." 

Despite the fact that the zero-day flaws for Chrome and Internet Explorer were developed and sold by the same vendor to customers all over the world looking to improve their surveillance capabilities, they were not employed in any high-profile operations. The CVE-2021-1879 WebKit/Safari bug, according to Google, was used "to target government officials from Western European countries by sending them malicious links," via LinkedIn Messaging. 

The attackers were part of a likely Russian government-backed actor employing this zero-day to target iOS devices running older versions of iOS (12.4 through 13.7), according to Google experts. While Google did not link the exploit to a specific threat group, Microsoft claims it is Nobelium, the state-sponsored hacking group responsible for the SolarWinds supply-chain attack that resulted in the compromise of numerous US federal agencies last year. 

Volexity, a cybersecurity firm, also attributed the attacks to SVR operators based on strategies used in earlier attacks dating back to 2018. In April, the US government charged the Russian Foreign Intelligence Service (aka SVR) for conducting "a broad-scale cyber-espionage campaign" through its hacking group known as APT29, The Dukes, or Cozy Bear. The attacks were designed to "collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo and send them via WebSocket to an attacker-controlled IP," according to Google.

Fake Chrome App is Being Used as Part of a Cyberattack Campaign

 

According to researchers at cybersecurity company Pradeo, a new Android malware has been discovered that imitates the Google Chrome software and has already infected hundreds of thousands of smartphones. The researchers have labeled the threat a "Smishing Trojan".
 
According to the researchers, the false Google Chrome app is part of a smartphone attack campaign that uses phishing to steal your credit card information. By downloading the fake software, the device becomes a part of the attack campaign as well. 

“The malware uses victims’ devices as a vector to send thousands of phishing SMS. We evaluate that the speed at which it is spreading has enabled it to already target hundreds of thousands of people in the last weeks,” said the researchers in their ‘Security Alert’ post on their website.

The assault begins with a simple "smishing" gambit, according to Pradeo researchers: targets receive an SMS text telling them to pay "custom fees" to release a package delivery. If they fall for it and click, a message appears informing them that the Chrome app needs to be updated. If they accept, they are directed to a malicious website that hosts the phony app. It is, in reality, ransomware that is downloaded into their phones.

After the ostensible "update," victims are directed to a phishing page, which completes the social engineering: according to the study, they are asked to pay a small sum (usually $1 or $2) in a less-is-more strategy, which is of course just a front to collect credit card information.

“Attackers know that we’re accustomed to receiving alerts of all types on our smartphones and tablets,” Hank Schless, senior manager of security solutions at Lookout said. “They take advantage of that familiarity to get mobile users to download malicious apps that are masked as legitimate ones.” 

The campaign is especially risky, according to Pradeo researchers, because it combines an effective phishing tactic, propagating malware, and multiple security-solution bypasses. “The attack could be the work of a regular level but very ingenuous cybercriminal,” Pradeo’s Roxane Suau said. “All the techniques (code concealment, smishing, data theft, repackaging…) used separately are not advanced, but combined they create a campaign that is hard to detect, that spreads fast and tricks many users.”

Critical Bugs in Firefox and Chrome Allow Exploitation

 

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) urged users of the Mozilla Foundation's Firefox browser and Windows, macOS, and Linux users of Google's Chrome browser to patch bugs tracked as CVE-2020-16044 and CVE-2020-15995 respectively.

CVE-2020-16044 is classified as a use-after-free bug tied to the way Firefox handles browser cookies; if exploited, it permits hackers to access the computer, phone, or tablet running the browser software. Affected are Firefox browser versions released before the recently released Firefox desktop 84.0.2, the Firefox Android 84.1.3 edition, and Mozilla's corporate ESR 78.6.1 version of Firefox. "A pernicious peer might have altered a COOKIE-ECHO chunk in a SCTP packet in a way that conceivably resulted in a use-after-free. We assume that with enough effort it might have been exploited to run arbitrary code," according to a Mozilla security notice.

SCTP stands for Stream Control Transmission Protocol, utilized in computer networking to communicate protocol data inside the Transport Layer of the internet protocol suite, or TCP/IP. A COOKIE ECHO chunk is a snippet of information sent during the initialization of the SCTP association with the browser.

Google's Chrome browser bug CVE-2020-15995 was affecting the current 87.0.4280.141 version of the software. The CISA bug advisory stated that the update to the most recent version of the Chrome browser "addresses vulnerabilities that an attacker could exploit to take control of a tainted system." Because Microsoft's most recent Edge browser is based on Google's Chromium browser engine, Microsoft also encouraged its users to update to the most recent 87.0.664.75 version of its Edge browser.

While researchers at Tenable rated the out-of-bounds bug as critical, both Google and Microsoft characterized the vulnerability as being of high severity. Tencent Security Xuanwu Lab researcher Bohan Liu is credited with finding and reporting the bug. CVE-2020-15995 is identified as an "out of bounds write in V8", a bug initially found in September 2020 by Liu. V8 is Google's open-source, high-performance JavaScript and WebAssembly engine, according to a Google developer description. Neither Microsoft nor Google clarified why the September 2020 CVE-2020-15995 is being highlighted again in both their security bulletins. Typically, that means that the first fix was incomplete.

Mozilla Firefox Disabling Backspace Key to Prevent Data Loss

Mozilla Firefox is about to disable the browser's backspace key to help users avoid data loss. 

In 2014, Google Chrome and Microsoft Edge removed the ability to go back to a previous page by using the backspace key, as there was a possibility of losing data entered into forms on the current page. Those who are using Google Chrome have to download an extension to use this again, whereas Microsoft Edge offered its users a flag to re-activate it. In the same way, Mozilla Firefox is also offering its users the option to re-activate the backspace key if they wish to do so.

"Would be useful to determine how commonly backspace is used as a "back" action shortcut, so we can figure out if we need to tweak the UX somehow to avoid accidental loss of form data due to mistyping the backspace key," Google Chrome developers stated in a 2014 bug post. 

According to the sources, seven years ago, Mozilla Firefox had set up the committee and reviewed the bug post: whether the backspace key should be disabled or not. Finally, the committee had decided not to change anything at that time. Around six years later, Mozilla finally came to the point where it has decided to remove the backspace key after realizing that except for Mozilla and Internet Explorer 11, no browsers support this keyboard shortcut. 

"To prevent user data loss when filling out forms, the Backspace key as a navigation shortcut for "Go back one page" is now disabled. To re-enable the Backspace keyboard shortcut, you can change the about:config preference browser.backspace_action to 0. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead," Firefox Release Manager Pascal Chevrel added to the Firefox Nightly 86.0a1 release notes.

TechDows was the first to report this change, which is now live in the Firefox browser for users to test.
Users who want to continue using the backspace key can re-enable it by following these steps:

1. Enter about:config in the Firefox address bar.
2. Search for browser.backspace_action and change its value to '0'.

Once the setting is configured, you will be able to use the backspace key to go back to the previous page in Mozilla Firefox.

Google Chrome Receives Second Patch for Serious Zero-Day Bug in Two Weeks

Google has recently introduced a fix for another zero-day bug in its Chrome browser and has also released a new security update for desktops. The bug (CVE-2020-16009) that affected the V8 component of the Chrome browser was discovered by Clement Lecigne and Samuel Groß of Google's Threat Analysis Group (TAG) and Google Project Zero respectively. 


 
To address the abovementioned flaw on machines running Mac, Windows, and Linux, Google released the Google Chrome security patch version 86.0.4240.183. The tech giant further said that the bug, when exploited, allowed threat actors to bypass and escape the Chrome security sandbox on Android smartphones and run code on the underlying operating system.

Google declined to disclose any details of the bug, which had been actively exploited in the wild, because many users have not updated yet; this is part of Google's privacy policy. Withholding the details prevents attackers from developing exploits in the meantime and gives users more time to get the updates installed. While Google's TAG hasn't confirmed whether the threat actors behind the two bugs were the same, it gave assurances that the acts were not motivated by the ongoing US presidential elections.
 
Furthermore, a critical memory corruption flaw under active exploitation in the Google Chrome browser (CVE-2020-15999) was identified by the researchers at Google's TAG, who also said that this zero-day vulnerability was under attack in combination with CVE-2020-17087, a Windows zero-day. The zero-day vulnerability identified as CVE-2020-15999 affected the FreeType font rendering library, thereby demanding attention from all services making use of this library.
 
Additionally, the latest security update will also allow users to experience a more stable and improved Chrome browser in terms of performance. 
 
In a blog post published on 2nd November, Google said, "The stable channel has been updated to 86.0.4240.183 for Windows, Mac, and Linux which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues." 

"Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the blog further stated.

Mobile Versions of Several Browsers Found Vulnerable to Address Bar Spoofing Flaws

 

Several mobile browsers including Firefox, Chrome, and Safari were found vulnerable to an ‘address bar spoofing’ flaw which when exploited could allow a threat actor to disguise a URL and make his phishing page appear like a legitimate website, according to a report published by cybersecurity company Rapid7 which reportedly worked in collaboration with Rafay Baloch - an independent security researcher who disclosed ten new URL spoofing vulnerabilities in seven browsers. 
 
The browser vendors were informed about the issues in August, as the vulnerabilities surfaced earlier this year; some of the vendors took preventive measures, patching the issues beforehand, while others left their browsers vulnerable to the threat.
 
Notably, Mozilla has already fixed the Firefox browser for Android; those who haven’t updated it yet should do so now. Google’s Chrome browser on both Android and iOS, meanwhile, is still vulnerable to the threat and is unlikely to be patched until September. Other affected browsers include Opera Touch, UC Browser, Yandex Browser, RITS Browser, and Bolt Browser.

In an address bar spoofing attack, the attacker alters the URL displayed in the address bar of the affected web browser in order to trick victims into believing that the website they are browsing is controlled by a trusted source. In reality, the website is controlled by the attackers carrying out the spoofing attack. The attacker can trick victims into providing their login details or other personal information by making them think they are connected to a website like Paypal.com.
 
“Exploitation all comes down to, "Javascript shenanigans." By messing with the timing between page loads and when the browser gets a chance to refresh the address bar, an attacker can cause either a pop-up to appear to come from an arbitrary website or can render content in the browser window that falsely appears to come from an arbitrary website”, the report explained. 
 
“With ever-growing sophistication of spear-phishing attacks, exploitation of browser-based vulnerabilities such as address bar spoofing may exacerbate the success of spear-phishing attacks and hence prove to be very lethal,” Baloch added.

Google Confirms Two New High-Severity Vulnerabilities in Chrome 81


The new Chrome 81 version released on April 7th by Google for Windows, Mac, and Linux primarily focused on security owing to the vulnerability users are subjected to due to the coronavirus pandemic. The launch of the update was delayed for similar reasons. It brought along new features, bug fixes, and over 30 security flaw patches from Google's security researchers and some experts from outside.

The new Chrome 81 version is being promoted to the Stable channel, meanwhile, Chrome 83 and Chrome 84 will be promoted to the Beta version and the Canary version respectively. As per sources, Chrome 82 will be disregarded because of the COVID-19 charged atmosphere, and all progress from the version will be channelized into the subsequent version, Chrome 83.

While warning users of more security flaws in Chrome 81, Google confirmed two new high-severity vulnerabilities affecting the web browser. As these new security flaws could allow hackers to run commands on an affected system by gaining unauthorized control, users worldwide are being advised by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to apply the latest update released by the company in defense against these security vulnerabilities.

Both of the aforementioned security vulnerabilities were reported by Zhe Jin from Qihoo 360, a Chinese internet security services provider. Jin received a bounty of $10,000 for one of them, CVE-2020-6462, which is a use-after-free error in the Chrome task scheduling component. The second one, CVE-2020-6461, was also a use-after-free flaw, but this one affected storage, according to the update notice from Prudhvikumar Bommana, Google Chrome Technical Program Manager.

Google has confirmed that the update will be pushed to all users in the upcoming days and weeks; however, users are advised to remain proactive and check for updates manually by going to Help | About Google Chrome, where you can find the version you are currently running and an option to check for further updates. After installing the latest version, simply restart the web browser to be safeguarded against both flaws.

Google Stops Displaying Security Warnings in Microsoft Edge, No Longer Recommends Switching to Chrome


Google has stopped advising Microsoft Edge users to switch to Chrome for a more secure experience, as the browser extensions crafted for Google's Chrome web browser are also suitable for Microsoft's new Edge browser based on Chromium.

It appeared like Google stoked the flames of browser wars when it subtly encouraged Edge users to shift to Chrome by displaying warnings of potential security threats. The alert displayed by Google read that it "recommends switching to Chrome to use extensions securely". A developer at Edge revealed that the new Microsoft Edge is designed to effectively safeguard its users from malicious extensions, that said, Edge already had Windows Defender Smart Screen and Unwanted Application protection built-in.

Whenever a user visited the Chrome Web Store via the new Microsoft Edge, Google displayed a message in yellow at the top of the webpage recommending users to switch to Chrome in order to use extensions with added safety. However, seemingly, as soon as Google realized that greeting users with a warning message which clearly implied that Microsoft Edge is less secure of a browser is not making them look good, the tech giant softened and decided to take the alert down. Not only that, Google went a step ahead and replaced the previously displayed warning with a fresh one that tells users that now they can add extensions to Microsoft Edge from the Chrome Web Store.

However, officially only a few extensions are supported by Microsoft Edge, and installing these extensions for the first time may seem a bit complex. Users need to enable 'allow extensions' from other stores via the settings page. On attempting to do that, Microsoft warns that it doesn't verify extensions downloaded from third-party stores and cautions that installing them may cause performance issues in Edge. Then it suggests users get verified extensions from the Microsoft Edge add-ons site. As soon as users allow extensions by clicking on 'Allow', they will be able to add extensions to Edge from the Chrome Web Store.