Showing posts with label Browser Vulnerability.

CrossBarking Exploit in Opera Browser Exposes Users to Extensive Risks

 

A new browser vulnerability called CrossBarking has been identified, affecting Opera users through “private” APIs that were meant only for select trusted sites. Browser APIs bridge websites with functionalities like storage, performance, and geolocation to enhance user experience. Most APIs are widely accessible and reviewed, but private ones are reserved for preferred applications. Researchers at Guardio found that these Opera-specific APIs were vulnerable to exploitation, especially if a malicious Chrome extension gained access. Guardio’s demonstration showed that once a hacker gained access to these private APIs through a Chrome extension — easily installable by Opera users — they could run powerful scripts in a user’s browser context. 
The malicious extension was initially disguised as a harmless tool, adding pictures of puppies to web pages. 

However, it also contained scripts capable of extensive interference with Opera settings. Guardio used this approach to hijack the settingsPrivate API, which allowed them to reroute a victim’s DNS settings through a malicious server, providing the attacker with extensive visibility into the user’s browsing activities. With control over the DNS settings, they could manipulate browser content and even redirect users to phishing pages, making the potential for misuse significant. Guardio emphasized that getting malicious extensions through Chrome’s review process is easier than getting them through Opera’s, which involves a more intensive manual review.

The researchers, therefore, leveraged Chrome’s automated, less stringent review process to create a proof-of-concept attack on Opera users. CrossBarking’s implications go beyond Opera, underscoring the complex relationship between browser functionality and security. Opera took steps to mitigate this vulnerability by blocking scripts from running on private domains, a strategy that Chrome itself uses. However, they have retained the private APIs, acknowledging that managing security with third-party apps and maintaining functionality is a delicate balance. 

Opera’s decision to address the CrossBarking vulnerability by restricting script access to domains with private API access offers a practical, though partial, solution. This approach minimizes the risk of malicious code running within these domains, but it does not fully eliminate potential exposure. Guardio’s research emphasizes the need for Opera, and similar browsers, to reevaluate their approach to third-party extension compatibility and the risks associated with cross-browser API permissions.


This vulnerability also underscores a broader industry challenge: balancing user functionality with security. While private APIs are integral to offering customized features, they open potential entry points for attackers when not adequately protected. Opera’s reliance on responsible disclosure practices with cybersecurity firms is a step forward. However, ongoing vigilance and a proactive stance toward enhancing browser security are essential as threats continue to evolve, particularly in a landscape where third-party extensions can easily be overlooked as potential risks.


In response, Opera has collaborated closely with researchers and relies on responsible vulnerability disclosures from third-party security firms like Guardio to address any potential risks preemptively. Security professionals highlight that browser developers should consider the full ecosystem, assessing how interactions across apps and extensions might introduce vulnerabilities.

Google Chrome Users at Risk: Study Reveals Dangerous Extensions Affecting 280 Million

 

A recent study has unveiled a critical security threat impacting approximately 280 million Google Chrome users who have installed dangerous browser extensions. These extensions, often masquerading as useful tools, can lead to severe security risks such as data theft, phishing, and malware infections. 

The research highlights that many of these malicious extensions request excessive permissions, granting them access to sensitive user data, the ability to monitor online activities, and even control over browser settings. This exposure creates significant vulnerabilities, enabling cybercriminals to exploit personal information, which could result in financial losses and privacy invasions. In response, Google has been actively removing harmful extensions from the Chrome Web Store. 

However, the persistence and evolving nature of these threats underscore the importance of user vigilance. Users are urged to carefully evaluate the permissions requested by extensions and consider user ratings and comments before installation. Cybersecurity experts recommend several proactive measures to mitigate these risks. Regularly reviewing and removing suspicious or unnecessary extensions is a crucial step. Ensuring that the browser and its extensions are updated to the latest versions is also vital, as updates often include essential security patches. Employing reputable security tools can further enhance protection by detecting and preventing malicious activities associated with browser extensions. 

These tools provide real-time alerts and comprehensive security features that safeguard user data and browsing activities. This situation underscores the broader need for increased cybersecurity awareness. As cybercriminals continue to develop sophisticated methods to exploit browser vulnerabilities, both users and developers must remain alert. Developers are encouraged to prioritize security in the creation and maintenance of extensions, while users should stay informed about potential threats and adhere to best practices for safe browsing. 

The study serves as a stark reminder that while browser extensions can significantly enhance user experience and functionality, they can also introduce severe risks if not managed correctly. By adopting proactive security measures and staying informed about potential dangers, users can better protect their personal information and maintain a secure online presence. 

Ultimately, fostering a culture of cybersecurity awareness and responsibility is essential in today’s digital age. Users must recognize the potential threats posed by seemingly harmless extensions and take steps to safeguard their data against these ever-present risks. By doing so, they can ensure a safer and more secure browsing experience.
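The permission review recommended above, and the CrossBarking case in the previous post where an extension's scripts ran on domains holding private API access, can both be checked mechanically from an extension's manifest.json. The following Python audit is an added example, not code from Guardio, Opera or Google; the privileged host names and the sample manifest are constructed placeholders.

```python
import json

# Chrome extension API permissions that deserve a manual look before install.
SENSITIVE_APIS = {"proxy", "debugger", "cookies", "webRequest",
                  "management", "nativeMessaging", "history"}

# Assumption: stand-ins for domains a browser vendor grants private API
# access to. The article does not list the real ones.
PRIVILEGED_HOSTS = ["settings.privileged.example", "addons.privileged.example"]

# Constructed sample manifest (Manifest V3 layout).
SAMPLE_MANIFEST = """
{
  "manifest_version": 3,
  "name": "Sample picture tool (constructed)",
  "permissions": ["storage", "cookies"],
  "host_permissions": ["https://*.privileged.example/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]
}
"""


def pattern_host(pattern):
    """Return the host part of a match pattern, or None if it has none."""
    if pattern == "<all_urls>":
        return "*"
    _scheme, sep, rest = pattern.partition("://")
    host = rest.split("/", 1)[0].lower()
    return host if sep and host else None


def pattern_covers_host(pattern, host):
    """True if the match pattern's host part covers the given host name."""
    pat_host = pattern_host(pattern)
    host = host.lower()
    if pat_host is None:
        return False
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        # "*.example.com" covers example.com and every subdomain of it.
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host


def audit_manifest(manifest, privileged_hosts=PRIVILEGED_HOSTS):
    """Return (finding, value) pairs for risky permissions and host access."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    findings = [("sensitive-api", p) for p in sorted(SENSITIVE_APIS & set(perms))]

    # Host access: MV3 'host_permissions', MV2 patterns mixed into 'permissions',
    # and the pages content scripts are injected into.
    sources = [("host-permission", p) for p in manifest.get("host_permissions", [])]
    sources += [("host-permission", p) for p in perms if pattern_host(p)]
    for script in manifest.get("content_scripts", []):
        sources += [("content-script", p) for p in script.get("matches", [])]

    for source, pattern in sources:
        if pattern_host(pattern) == "*":
            findings.append((source + ":all-sites", pattern))
        elif any(pattern_covers_host(pattern, h) for h in privileged_hosts):
            findings.append((source + ":privileged-host", pattern))
    return findings


def audit_manifest_text(text):
    """Parse manifest.json text and audit it."""
    return audit_manifest(json.loads(text))


if __name__ == "__main__":
    for finding, value in audit_manifest_text(SAMPLE_MANIFEST):
        print(f"{finding:35} {value}")
```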

Google Patches Around 100 Security Bugs


Updates were released in a frenzy in December as companies like Google and Apple scrambled to release patches in time for the holidays in order to address critical vulnerabilities in their devices.

Giants in enterprise software also released their fair share of fixes; in December, Atlassian and SAP fixed a number of serious bugs. Here is what you should know about the significant updates you may have missed this month.

Apple iOS

Apple launched iOS 17.2, a significant point update, in the middle of December. It included 12 security patches along with new features like the Journal app. CVE-2023-42890, a bug in the WebKit browser engine that could allow an attacker to execute code, is one of the issues patched in iOS 17.2.

According to Apple's support page, there is another vulnerability in the iPhone's kernel, identified as CVE-2023-4291, that might allow an app to break out of its sandbox. Meanwhile, two ImageIO vulnerabilities, CVE-2023-42898 and CVE-2023-42899, may result in code execution.

According to tests conducted by ZDNET and 9to5Mac, the iOS 17.2 update also added a mitigation for a Bluetooth attack carried out with a penetration testing tool called Flipper Zero. The attack is a bothersome denial of service in which an iPhone experiences a barrage of pop-ups and eventually freezes up.

Along with these updates, Apple also launched tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2, and iOS 16.7.3.

Google Android

With fixes for around 100 security problems, the Google Android December Security Bulletin was quite extensive. Two serious Framework vulnerabilities are patched in this update; the most serious of them might result in remote privilege escalation without the need for additional privileges. According to Google, user interaction is not required for exploitation.

While CVE-2023-40078 is an elevation of privilege bug with a high impact rating, CVE-2023-40088 is a major flaw in the system that could allow for remote code execution.

Additionally, Google has released an update to address CVE-2023-40094, an elevation of privilege vulnerability in its WearOS platform for smart devices. As of this writing, the Pixel Security Bulletin has not been published.

Google Chrome

Google released an urgent patch for its Chrome browser to cap off a busy December of upgrades in style. The open source WebRTC component contains a heap buffer overflow vulnerability, tracked as CVE-2023-7024, which is the ninth zero-day vulnerability affecting Chrome in 2024. In an advisory, Google stated that it is "aware that an exploit for CVE-2023-7024 exists in the wild."

It was not the first update that Google made available in December. In mid-month, the software behemoth also released a Chrome patch to address nine security flaws. Five of the vulnerabilities that were found by outside researchers are classified as high severity. These include four use-after-free problems, a type confusion flaw in V8, and CVE-2023-6702.

Microsoft

More than 30 vulnerabilities, including those that allow remote code execution (RCE), are fixed by Microsoft's December Patch Tuesday. CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6, is one of the critical fixes. An attacker may be able to deceive the victim by manipulating a malicious link, software, or file. To be compromised, though, you would need to click on a specially crafted URL.

Meanwhile, the Windows MSHTML Platform RCE issue CVE-2023-35628 has a CVSS score of 8.1 and is classified as critical. Microsoft stated that an attacker may take advantage of this vulnerability by sending a specially crafted email that triggers automatically when it is retrieved and processed by the Outlook client. This might result in exploitation even before the email is seen in the Preview Pane.

You Should Be Concerned Regarding Browser Modifiers; Here's Why

 

Have you recently noticed anything strange about your browser? Perhaps Google used to be the default homepage, but these days, when you click the home button, a strange page, a white screen, or an error page is loaded instead. And to make matters worse, you are currently experiencing an annoying increase in pop-up advertisements. You may be dealing with a browser modifier if the annoyances you've been experiencing primarily occur in the browser.

What exactly are browser modifiers?

A less well-known but nevertheless annoying category of spyware called a "browser modifier" messes with how you access the internet. They are made to alter browser preferences, notably those for turning off pop-up advertising, the homepage, default search engines, and file download defaults. Additionally, browser modifiers might add add-ons without your knowledge and create a backdoor for more sophisticated malware to attack your system. 

This kind of malware is distributed by attackers who use social engineering strategies to deceive potential victims into installing it. When people attempt to close pop-up advertisements, browsers frequently become infected. You know those advertisements with the tiny "x" button that, when you click on them, transport you to a page for sports betting or accomplish something completely different. This technique is used by shady websites to engage in click fraud. On file-sharing websites, clicking bogus download buttons can also result in infections. 

Modus operandi

A browser modifier can have effects on your device that are either so obvious that you quickly detect something is wrong or subtle enough that you don't notice anything until much later. In any case, there are a few warning signs that your phone or computer browser may be compromised by this software.

Installing extensions without authorization 

Your browser is similar to receiving a naked cake from the bakery: it has no dressing or decorations and is available for you to consume as is or customised to your preferences. Add-ons, often known as browser extensions, are tools you install on browsers to enhance your usage and carry out particular functions. Installing an extension will allow you to manage tabs, proofread your texts, summarise YouTube videos, and automatically apply coupons when you shop online. Typically, you install extensions yourself based on your needs. However, browser modifiers secretly set up harmful extensions that can record your keystrokes, gather the data you submit on specific websites, or gather your data for marketing purposes. Any add-ons you see that you didn't install are a solid clue that something harmful is going on in the background.

Modifying your default search engine 

If a browser modifier has been installed on your device, you may discover that your default search engine has been modified and that the search results now come from an unknown website. The results might even be passable, but that does not guarantee everything is in order. The modifications made to your search engine provider may direct you to fraudulent websites where thieves are waiting to take your information, identity, or money.

Most browsers' default search engines are typically connected to major tech firms. On Chrome and Safari, Google Search is the default search engine, Bing is the default search engine on Microsoft Edge, and Brave created Brave Search for its users. 

Of course, if you prefer another option, you may switch to DuckDuckGo, Wikipedia, Amazon, or even Stack Overflow. There are thousands of lesser-known search engines created by businesses and individual developers in addition to those prominent ones. Small search engines lack the same robust experience that users receive from well-known competitors, which is why they are less well-known. 

The use of search engines is crucial in the digital economy. They can increase website traffic, compensate business owners for their advertising expenditures, and bring in money for the search engine provider. Shadowy technocrats also want a piece of that cake, just like respectable businesses do. However, they are willing to employ any strategy, including viruses like browser modifiers. 

Disabling your pop-up ad blocker

One moment you're browsing wholesome internet content, and the next an ad encouraging you to install an app appears out of nowhere, taking up your entire screen. Or a persistent advertisement banner follows you online. 

Pop-up advertisements and persistent banners are common on some websites, after all. Most browsers offer settings you can change to disable them or at the very least lessen their frequency. You might have a browser modifier problem if you experience persistent pop-ups and sticky advertisements. Additionally, you might notice that right after you save changes, the malware modifies your ad settings.

Prevention tips 

Browser modifiers are annoying, but compared with more sophisticated malware variants they are more manageable. The majority of browser modifier infections may be treated by either returning your browser to its original settings or by utilising anti-malware software to locate and get rid of the annoying programme.

Browser reset: After installing a browser, we like to fiddle with its settings: switch between bright and dark modes, alter the font, enable tracking protection, and add extensions. Your browser will be restored to its factory settings after being reset. If you're dealing with a straightforward browser modifier, this measure ought to be perfectly adequate. Advanced browser modifiers, however, can necessitate a complete removal of the browser, a clean sweep of the Program Files and AppData folders on your hard drive, and a subsequent reinstallation of the browser.

Malware scan: In addition to cleaning up, you should think about doing a malware scan on your files. Because the browser modifier may have downloaded additional malware or set up potentially undesirable programmes on your device, doing this is crucial. On your Windows computer, you may use Microsoft Defender to check for malware. It comes with Windows and is free. Malwarebytes and Norton are just two alternatives that are equally effective.

Security update: The best way to prevent a browser modifier infection is to update your browser to the most recent version that is available. Furthermore, installing security updates fixes holes that malware can exploit in your operating system and apps. That does not, however, mean you are safe. 

Malware has the ability to wait patiently for the right time to activate itself. Choose to automatically download and install updates for your apps and hardware. Delete files that are unnecessary or strange, too. Also, configure your anti-malware programme to regularly scan your drive for dangers.

Should you be concerned about browser modifiers? 

Not much. The harm posed by browser modifiers is not as serious as that posed by viruses, Trojans, and worms. Additionally, if your system and browser are current, the likelihood that you will encounter this threat is limited. 

Nevertheless, browser modifiers are frequently disregarded as inconsequential annoyances. Given their capacity to do significant damage, you shouldn't disregard them. By enabling automatic updates, you may free up your time to concentrate on preventing worse risks.

New Security Flaw in Google's Chrome Browser Lets Hackers Access Sensitive User Data



Hackers are always finding new ways to exploit bugs and compromise sensitive user data. A recently discovered flaw in Google Chrome, which could lead to arbitrary code execution, allows attackers to view, edit or even delete confidential data.

The vulnerability in the browser was initially reported by the Center for Internet Security (CIS) and it could have allowed hackers to execute arbitrary code in the context of the browser. In order to keep the flaw in check, Google Chrome released an immediate update for its users around the globe.

In the upcoming week, Google will be releasing patches for Mac, Windows and Linux, as per the reports. However, the older versions of the browser, which are the versions before 76.0.3809.132, are prone to attack.

To be on the safe side, users are advised to keep their browsers updated and be wary of suspicious websites. The report also recommends that users avoid following hyperlinks from unknown sources.

“A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights,” reads the report.

Google now pays more for disclosing vulnerabilities in Chrome OS and some Play Store apps

One of the hardest aspects of maintaining a cross-platform product is ensuring its security. Vulnerabilities can be exploited on various platforms in various scenarios, and it’s almost impossible for literally any company’s security department to fix all of them on their own. That’s why companies often use vulnerability disclosure rewards programs, which basically means giving money to someone who finds an issue in your product. Google has several programs of this kind. One of them is the Chrome Vulnerability Rewards Program, which awards security researchers for exploiting vulnerabilities in Chromium, Chrome, and Chrome OS. As you already know, there are a lot of Chromium-based browsers on the market, so the security of this product is crucial.

Today, Google is increasing the minimum reward amount for this program. Currently, security researchers receive a maximum amount of $5,000 on baseline reports. These exploits are mostly around escaping the sandbox. Google is tripling the reward for high-severity baseline reports, bringing it up to $15,000. The reward for high-quality reports with functional exploits of the same category has doubled. Previously it was $15,000, but after today Google will pay $30,000 for these kinds of exploits. Google is also increasing the bonus from $500 to $1,000 for exploits found via Chrome Fuzzer, which lets security researchers use Google’s hardware and scale to replicate the exploits.

The Google Play Security Reward Program got an update, too. This program only covers apps that have specifically opted-in.

- The reward for remote code execution bug went from $5,000 to $20,000
- The reward for theft of insecure private data went from $1,000 to $3,000
- The reward for accessing protected app components went from $1,000 to $3,000

To put it in short, Google decided to show more appreciation for all the security researchers that help ensure the security of their product. The changes will go into action today. You can start looking for vulnerabilities if you are competent enough. Maybe you’ll get some reward from Google.

Zero-day vulnerability in Internet Explorer discovered

According to security researchers at Chinese web giant Qihoo 360, hackers are using a zero-day vulnerability in Internet Explorer kernel code to infect Windows computers with malware.

The researchers say that an advanced persistent threat (APT) group is using the vulnerability to infect victims on a global scale by sending malicious Office documents to selected targets.


These documents are loaded with what they call a "double-kill" vulnerability, which affects the latest versions of Internet Explorer and any other applications that use the IE kernel. When victims open the Office document, the bug launches a malicious webpage in the background to deliver malware from a remote server.

"After the target opens the document, all exploit code and malicious payloads are loaded from a remote server," the researchers wrote in a blog post on the Chinese platform Weibo.

The researchers said that the attack involves the use of a public User Account Control (UAC) bypass, reflective DLL loading, fileless execution, and steganography; they also provided a diagram that roughly outlines the attack, with Chinese annotations.


The company says that it has reported the vulnerability to Microsoft and will be giving them appropriate time to find a patch before it reveals more details about the bug.

Microsoft has neither confirmed nor denied the attacks, but has given the following statement:

Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.

Security flaw detected in popular Dolphin and Mercury browsers

Rotologix, a cyber-security enthusiast, has found zero-day flaws in two popular Android mobile browsers, Dolphin and Mercury, which have 100 million users. The flaws could allow an attacker to perform remote code execution.

The remote code execution exploit allows an attacker to replace the browser's theme package with an infected counterpart.

“The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the Mercury Browser's data directory,” the researcher posted in a blog post.

It is said that the exploit allows attackers to modify the browser's functions for downloading and applying new themes. Those who are affected need to download and apply a new Dolphin browser theme all over again.


And for Dolphin, Rotologix said, "An attacker with the ability to control the network traffic for users of the Dolphin browser for Android, can modify the functionality of downloading and applying new themes for the browser. Through the exploitation of this functionality, an attacker can achieve an arbitrary file write, which can then be turned into code execution within the context of the browser on the user's device.”

Google Patched High-Risk Vulnerability in Chrome Browser

Google released Chrome version 15.0.874.121, which fixes a high-risk vulnerability in its JavaScript engine, V8. This vulnerability is an out-of-bounds error that can cause a memory-corruption condition and lead to remote code execution.

Google paid security researcher Christian Holler $1,000 for discovering and reporting this vulnerability.

Download the Latest Version From here:
http://www.google.com/chrome

Facebook blames Browser Vulnerability for the pornographic spam Attack


Yesterday, pornographic spam hit Facebook: explicit and violent content was posted on many users' walls without their knowledge.

Facebook has acknowledged this spam attack. According to its statement, the attackers exploited a browser vulnerability that allows "Self-XSS".

Self-XSS (cross-site scripting): an attacker can execute malicious JavaScript code in your browser that gives access to whatever website you visit (not only Facebook).

Most of the time, the spam message asks you to copy the JavaScript and enter it in the browser URL box in order to get something (e.g. a gift card or Facebook Stalker). This executes the malicious code and results in account hacking or the spreading of spam messages.

It is unclear which browser is vulnerable to .  Hope they will fix it soon.

If you like to know more about Self-XSS Attack, please check here:
Self-XSS, one of Social Engineering Attack.