Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Chrome. Show all posts
Google Updates
Ad Blockers API Chrome Extensions Cyber Security Google Google Chrome Google Chrome security Google Updates

The Impact of Google’s Manifest V3 on Chrome Extensions

 

Google’s Manifest V3 rules have generated a lot of discussion, primarily because users fear it will make ad blockers, such as Ublock Origin, obsolete. This concern stems from the fact that Ublock Origin is heavily used and has been affected by these changes. However, it’s crucial to understand that these new rules don’t outright disable ad blockers, though they may impact some functionality. The purpose of Manifest V3 is to enhance the security and privacy of Chrome extensions. A significant part of this is limiting remote code execution within extensions, a measure meant to prevent malicious activities that could lead to data breaches. 

This stems from incidents like DataSpii, where extensions harvested sensitive user data including tax returns and financial information. Google’s Manifest V3 aims to prevent such vulnerabilities by introducing stricter regulations on the code that can be used within extensions. For developers, this means adapting to new APIs, notably the WebRequest API, which has been altered to restrict certain network activities that extensions used to perform. While these changes are designed to increase user security, they require extension developers to modify how their tools work. Ad blockers like Ublock Origin can still function, but some users may need to manually enable or adjust settings to get them working effectively under Manifest V3. 

Although many users believe that the update is intended to undermine ad blockers—especially since Google’s main revenue comes from ads—the truth is more nuanced. Google maintains that the changes are intended to bolster security, though skepticism remains high. Users are still able to use ad blockers such as Ublock Origin or switch to alternatives like Ublock Lite, which complies with the new regulations. Additionally, users can choose other browsers like Firefox that do not have the same restrictions and can still run extensions under their older, more flexible frameworks. While Manifest V3 introduces hurdles, it doesn’t spell the end for ad blockers. The changes force developers to ensure that their tools follow stricter security protocols, but this could ultimately lead to safer browsing experiences. 

If some extensions stop working, alternatives or updates are available to address the gaps. For now, users can continue to enjoy ad-free browsing with the right tools and settings, though they should remain vigilant in managing and updating their extensions. To further protect themselves, users are advised to explore additional options such as using privacy-focused extensions like Privacy Badger or Ghostery. For more tech-savvy individuals, setting up hardware-based ad-blocking solutions like Pi-Hole can offer more comprehensive protection. A virtual private network (VPN) with built-in ad-blocking capabilities is another effective solution. Ultimately, while Manifest V3 may introduce limitations, it’s far from the end of ad-blocking extensions. 

Developers are adapting, and users still have a variety of tools to block intrusive ads and enhance their browsing experience. Keeping ad blockers up to date and understanding how to manage extensions is key to ensuring a smooth transition into Google’s new extension framework.
Read more »
Privacy
Android devices Browsers Cookies Data Storage Google Chrome junk files Mozilla Firefox Privacy

Why You Should Clear Your Android Browser’s Cache and Cookies



The web browsers of your Android devices, whether it's Google Chrome, Mozilla Firefox, or Samsung Internet, stores a variety of files, images, and data from the websites you visit. While this data can help load sites faster and keep you logged in, it also accumulates a lot of unnecessary information. This data buildup can potentially pose privacy risks.

Over time, your browser’s cookies and cache collect a lot of junk files. Some of this data comes from sites you’ve visited only once, while others track your browsing habits to serve targeted ads. For example, you might see frequent ads for items you viewed recently. Clearing your cache regularly helps eliminate this unnecessary data, reducing the risk of unknown data trackers lurking in your browser.

Though clearing your cache means you’ll have to log back into your favourite websites, it’s a small inconvenience compared to the benefit of protecting your privacy and freeing up storage space on your phone.

How to Clear Cookies and Cache in Google Chrome

To clear cookies and cache in Google Chrome on your Android device, tap the More button (three vertical dots) in the top right corner. Go to History and then Delete browsing data. Alternatively, you can navigate through Chrome’s Settings menu to Privacy and Security, and then Delete browsing data. You’ll have options under Basic and Advanced settings to clear browsing history, cookies and site data, and cached images and files. You can choose a time range to delete this data, ranging from the past 24 hours to all time. After selecting what you want to delete, tap Clear data.

How to Get Rid Of Unnecessary Web Files in Samsung Internet

For Samsung Internet, there are two ways to clear your cookies and cache. In the browser app, tap the Options button (three horizontal lines) in the bottom right corner, then go to Settings, and select Personal browsing data. Tap Delete browsing data to choose what you want to delete, such as browsing history, cookies, and cached images. Confirm your choices and delete.

Alternatively, you can clear data from the Settings app on your phone. Go to Settings, then Apps, and select Samsung Internet. Tap Storage, where you’ll find options to Clear cache and Clear storage. Clear cache will delete cached files immediately, while Clear storage will remove all app data, including cookies, settings, and accounts.

How to Declutter in Mozilla Firefox

In Mozilla Firefox, clearing cookies and cache is also straightforward. Tap the More button (three vertical dots) on the right of the address bar, then go to Settings and scroll down to Delete browsing data. Firefox offers options to delete open tabs, browsing history, site permissions, downloads, cookies, and cached images. Unlike Chrome, Firefox does not allow you to select a time range, but you can be specific about the types of data you want to remove.

Firefox also has a feature to automatically delete browsing data every time you quit the app. Enable this by going to Settings and selecting Delete browsing data on quit. This helps keep your browser tidy and ensures your browsing history isn’t accessible if your phone is lost or stolen.

Regularly clearing cookies and cache from your Android browser is crucial for maintaining privacy and keeping your device free from unnecessary data. Each browser—Google Chrome, Samsung Internet, and Mozilla Firefox—offers simple steps to manage and delete this data, boosting both security and performance. By following these steps, you can ensure a safer and more efficient browsing experience on your Android device.


Read more »
Windows
Google Google Chrome Password Manager Technology Windows

Passwords Vanish for 15 Million Windows Users, Google Says "Sorry"

Passwords Vanish for 15 Million Windows Users, Google Says "Sorry"

Google says “sorry” after a bug stopped Windows users from finding or saving their passwords. The issue began on 24th July and stayed till 25th July, before it was fixed. The problem, google said was due to “a change in product behavior without proper feature guard,” an incident sharing similarities with the recent Crowdstrike disruption.

The disappearing password problem affected Chrome users worldwide, causing them trouble finding saved passwords. Users even had trouble finding newly saved passwords. Google has fixed the issue now, saying the problem was in the M127 version of Chrome Browser on Windows devices.

Who were the victims?

It is difficult to pinpoint the exact numbers, but based on Google’s 3 Billion Chrome users worldwide, with the majority of Chrome users, we can get a positive estimate. According to experts, around 15 million users experienced the vanishing password problem.  "Impacted users were unable to find passwords in Chrome's password manager. Users can save passwords, however it was not visible to them. The impact was limited to the M127 version of Chrome Browser on the Windows platform," said Google.

The password problem is now fixed

Fortunately, Google has now fixed the issue, users only need to restart their Chrome browsers. “We apologize for the inconvenience this service disruption/outage may have caused,” said Google. If a user has any inconveniences beyond what Google has covered, they are free to contact Google Workplace Support.

Chrome Password Manager: How to use it?

Google's Chrome password manager may be accessed through the browser's three-dot menu by selecting Passwords & Autofill, then Google Password Manager. Alternatively, you can install the password manager Chrome app from the password manager settings and then access it from the Google Apps menu. If Chrome invites you to autofill a password, clicking Manage Passwords will take you directly there.

Things that went missing besides passwords recently

According to cybersecurity reporter Brian Krebs, the email verification while creating a new Google Workplace Account also went missing for a few Chrome users. 

The authentication problem, which is now fixed, allowed threat actors to skip the email verification needed to create a Google Workplace account, allowing them to mimic a domain holder at third-party services. This allowed a threat actor to log in to third-party services like a Dropbox account.  

Read more »
Safari
Apple Google Chrome Online Tracking Privacy Safari

Apple Warns iPhone Users to Avoid Google Chrome

 



The relationship between Apple and Google has always been complex, and recent developments have added another layer to this rivalry. Apple has launched a new ad campaign urging its 1.4 billion users to stop using Google Chrome on their iPhones. This move comes as Google attempts to convert Safari users to Chrome, amidst growing scrutiny of its financial arrangements with Apple regarding default search settings.

The Financial Dynamics Behind Safari and Chrome

Google relies heavily on Safari to drive search requests from iPhones, thanks to a lucrative deal making Google the default search engine on Safari. However, this arrangement is under threat from monopoly investigations in the US and Europe. To counter this, Google is pushing to increase Chrome's presence on iPhones, aiming to boost its install base from 30% to 50%, capturing an additional 300 million users.

Apple's new campaign focuses on privacy, highlighting Chrome's vulnerabilities in this area. Despite Google's claims of enhanced privacy, tracking cookies remains an issue, and recent reports suggest that Google collects device data from Chrome users through an undisclosed setting. Apple's advertisements, including billboards promoting Safari's privacy features, emphasise that users concerned about online privacy should avoid Chrome.

In its latest video ad, Apple draws inspiration from Hitchcock's "The Birds" to underscore the threat of online tracking. The ad's message is clear: to avoid being watched online, use Safari instead of Chrome. This campaign is not about convincing Android users to switch to iPhones but about keeping iPhone users within Apple's ecosystem.

Despite Apple's push for Safari, the reality is that many users prefer Google Search. Reports indicate that Apple itself has found Google Search to be superior to alternatives. Even if Google is dropped as the default search engine on Safari, users can still set it manually. The question remains whether Google will offer advanced AI search features on Chrome that are unavailable on other browsers.

This battle between Safari and Chrome is just beginning. As Apple fights to retain its 300 million Safari users, the competition with Google will likely intensify. Both companies are navigating a rapidly changing landscape where privacy, user preferences, and regulatory pressures play defining roles. For now, Apple is betting on its privacy-focused message to keep users within its ecosystem, but the outcome of this struggle remains to be seen.


Read more »
Google Chrome security
Browser Extension Browser Vulnerability Chrome Web Store Cyber Security data security Google Google Chrome Google Chrome security

Google Chrome Users at Risk: Study Reveals Dangerous Extensions Affecting 280 Million

 

A recent study has unveiled a critical security threat impacting approximately 280 million Google Chrome users who have installed dangerous browser extensions. These extensions, often masquerading as useful tools, can lead to severe security risks such as data theft, phishing, and malware infections. 

The research highlights that many of these malicious extensions request excessive permissions, granting them access to sensitive user data, the ability to monitor online activities, and even control over browser settings. This exposure creates significant vulnerabilities, enabling cybercriminals to exploit personal information, which could result in financial losses and privacy invasions. In response, Google has been actively removing harmful extensions from the Chrome Web Store. 

However, the persistence and evolving nature of these threats underscore the importance of user vigilance. Users are urged to carefully evaluate the permissions requested by extensions and consider user ratings and comments before installation. Cybersecurity experts recommend several proactive measures to mitigate these risks. Regularly reviewing and removing suspicious or unnecessary extensions is a crucial step. Ensuring that the browser and its extensions are updated to the latest versions is also vital, as updates often include essential security patches. Employing reputable security tools can further enhance protection by detecting and preventing malicious activities associated with browser extensions. 

These tools provide real-time alerts and comprehensive security features that safeguard user data and browsing activities. This situation underscores the broader need for increased cybersecurity awareness. As cybercriminals continue to develop sophisticated methods to exploit browser vulnerabilities, both users and developers must remain alert. Developers are encouraged to prioritize security in the creation and maintenance of extensions, while users should stay informed about potential threats and adhere to best practices for safe browsing. 

The study serves as a stark reminder that while browser extensions can significantly enhance user experience and functionality, they can also introduce severe risks if not managed correctly. By adopting proactive security measures and staying informed about potential dangers, users can better protect their personal information and maintain a secure online presence. 

Ultimately, fostering a culture of cybersecurity awareness and responsibility is essential in today’s digital age. Users must recognize the potential threats posed by seemingly harmless extensions and take steps to safeguard their data against these ever-present risks. By doing so, they can ensure a safer and more secure browsing experience.
Read more »
Zero Day
Browser Data Google Chrome Vulnerability and Exploits Zero Day

Google Issues Emergency Update for New Chrome Vulnerability

 



Google has announced an urgent security update for its Chrome browser to fix a newly discovered vulnerability that is actively being exploited. This recent flaw, identified as CVE-2024-5274, is the eighth zero-day vulnerability that Google has patched in Chrome this year.

Details of the Vulnerability

The CVE-2024-5274 vulnerability, classified as high severity, involves a 'type confusion' error in Chrome's V8 JavaScript engine. This type of error occurs when the software mistakenly treats a piece of data as a different type than it is, potentially leading to crashes, data corruption, or allowing attackers to execute arbitrary code. The vulnerability was discovered by Google security researcher Clément Lecigne.

Google has acknowledged that the flaw is being exploited in the wild, which means that malicious actors are already using it to target users. To protect against further attacks, Google has not yet disclosed detailed technical information about the flaw.

To address the issue, Google has released a fix that is being rolled out via the Chrome Stable channel. Users on Windows and Mac will receive the update in versions 125.0.6422.112/.113, while Linux users will get the update in version 125.0.6422.112. Chrome typically updates automatically, but users need to relaunch the browser for the updates to take effect. To ensure the update is installed, users can check their Chrome version in the About section of the Settings menu.

Ongoing Security Efforts

This marks the third actively exploited zero-day vulnerability in Chrome that Google has fixed in May alone. Earlier this year, Google adjusted its security update schedule, reducing it from twice weekly to once weekly. This change aims to close the patch gap and reduce the time attackers have to exploit known vulnerabilities before a fix is released.

Previous Zero-Day Vulnerabilities Fixed This Year

Google has been actively addressing several critical vulnerabilities in Chrome throughout 2024. Notable fixes include:

1. CVE-2024-0519: An out-of-bounds memory access issue in the V8 engine, which could lead to heap corruption and unauthorised data access.

2. CVE-2024-2887: A type confusion vulnerability in the WebAssembly standard, which could be exploited for remote code execution.

3. CVE-2024-2886: A use-after-free bug in the WebCodecs API, allowing arbitrary reads and writes, leading to remote code execution.

4. CVE-2024-3159: An out-of-bounds read in the V8 engine, enabling attackers to access sensitive information.

5. CVE-2024-4671: A use-after-free flaw in the Visuals component, affecting how content is rendered in the browser.

6. CVE-2024-4761: An out-of-bounds write issue in the V8 engine.

7. CVE-2024-4947: Another type confusion vulnerability in the V8 engine, risking arbitrary code execution.

Importance of Keeping Chrome Updated

The continuous discovery and exploitation of vulnerabilities surfaces that it's imperative to keep our softwares up to date. Chrome’s automatic update feature helps ensure users receive the latest security patches without delay. Users should regularly check for updates and restart their browsers to apply them promptly.

Overall, Google’s quick response to these vulnerabilities highlights the critical need for robust security measures and careful practices in maintaining up-to-date software to protect against potential cyber threats.


Read more »
junk files
Android Browser Cche Cookies Cyber Security Cyberattacks CyberThreat Firefox Google Chrome junk files

Banish Browser Clutter: How to Easily Remove Junk Files on Android

 


A web browser on users' Android phones may collect data, such as cookies and cache, that can be useful, but can also be unwanted and may pose a security risk to their privacy. It is recommended that users clear these data regularly so that junk can be removed from their devices and that unknown data trackers will not be able to store extraneous information on their devices. 

It is important to know that cleaning cache and cookies depends on the type of browser users use, such as Google Chrome, Samsung Internet, or Mozilla Firefox. The process of clearing this data varies from browser to browser and usually involves entering the browser settings and choosing the data that users wish to delete. 

By clicking on the More button in Google Chrome and navigating to History, users can clear their browser's cookies and cache. Deletes can be done in a variety of ways with this browser, such as by deleting browsing history, cookies and site information, cached images and files, or selecting a time range during which they should be deleted. 

It is possible to delete browsing data, cookies, and cache on the Samsung Internet browser app or through the phone's settings menu, just as Samsung Internet offers similar options. As far as Mozilla Firefox is concerned, there are several ways to clear browsing data, including the Open tabs, Browsing History, Site Data, and Downloads folder, as well as the Cookies and Cached images and files. Most of the junk that builds up inside the device's cache and cookies is just plain junk. Some of it could have come from a single site a user visited. 

As a result of this tracking, some companies are showing their users advertisements based on the items they are buying or watching on the internet. Other companies are tracking their browsing history on an active basis, helping them show them advertisements based on those items. As a result, it is essential to clear out the cache frequently. The tool enables users to remove any data they no longer need on their phone, especially if they have a cookie in their phone that contains a cookie from a known data tracker. 

Users will have to log back into some of their favourite websites after clearing the cache, but this is a small price to pay to make sure their phone does not accumulate unnecessary data by doing so. It is important to note that the steps vary slightly depending on the kind of phone and web browser that the user is using. 

In the Android version of Google Chrome, users can delete cookies and cache by first tapping the More button at the top right of the browser, which is indicated by a column of three dots. They can then tap History, and then they can delete their cookies and cache. Chrome users can also access this by clicking the Privacy and Security menu in their Chrome Settings. As well as removing browsing history, cookies, and site data, Chrome offers two advanced settings to clear users' cached files and images. 

The user can select which time ranges to delete from the drop-down menu when selecting whether he/she wants to delete the entire history or select a selection from anywhere within the past 24 hours to within the last four weeks. When users tap on the Advanced tab, users can also access additional options such as deleting saved passwords, auto-complete information for forms, and site settings. 

When they have selected the items they want to delete, tap the blue Clear data button at the bottom of the screen. If Chrome determines that certain websites are "important" to its users, they might receive a prompt asking them to confirm before clearing the cache, if Chrome deems that particular website to be "important" to the user. Similar to the Chrome browser for Android, the Mozilla Firefox Android app also allows users to clear their cache from within the application. 

It is possible to access this feature by tapping on the More button that is located to the right of the address bar, also indicated by three vertically aligned dots. In the Settings menu, tap the Delete browsing data option. Then scroll down and select the option. There is a lot of freedom in Firefox when it comes to the Delete browsing data menu compared to the other three browsers mentioned here, in that it allows users to delete all current open tabs, their browsing history, their site data, their permissions, and even their Downloads folder, along with their Cookies and Cached files and images. 

As with Chrome, users have the option to select a time range, however, they can be more specific regarding the type of data that they wish to remove, as opposed to merely picking a time range. As a bonus, Firefox also comes with an option that allows users not to retain their browsing data after they have signed up for the application but before they begin using it. 

There is an option within the Settings tab that instructs Firefox to delete any combination of these settings every time the user quits the browser. This will eliminate any combination of these settings every time the user quits the browser. If users want to remain tidy with their browser history, this functionality can be quite useful since they can avoid accidentally handing their browsing history over to a person who may have stolen the phone from them or gained access to it in some other way.
Read more »
User Privacy
Chrome users Data collection Google Google Chrome Incognito mode Privacy User Privacy

Google to put Disclaimer on How its Chrome Incognito Mode Does ‘Nothing’


The description of Chrome’s Incognito mode is set to be changed in order to state that Google monitors users of the browser. Users will be cautioned that websites can collect personal data about them.

This indicates that the only entities that are kept from knowing what a user is browsing on incognito would be their family/friends who use the same device. 

Chrome Incognito Mode is Almost Useless

At heart, Google might not only be a mere software developer. It is in fact a business that is motivated through advertising, which requires it to collect information about its users and their preferences in order to sell them targeted advertising. 

Unfortunately, users cannot escape this surveillance just by switching to incognito. In fact, Google is paying a sum of $5 billion to resolve a class-action lawsuit filed against them, accusing the company of betraying its customers regarding the privacy assurance they support. Google is now changing its description of Incognito mode, which will make it clear that it does not really protect the user’s privacy. 

Developers can get a preview of what this updated feature exactly is, by using Chrome Canary. According to MSPowerUser, the aforementioned version of Chrome displayed a disclaimer when the user went Incognito, stating:

"You’ve gone Incognito[…]Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google."

(In the above statement, the text in bold is the new addition to the disclaimer.)

Tips for More Private Browsing 

Chrome remains one of the popular browsers, even Mac users can use Safari instead. Privacy is just one of the reasons Apple fans should use Safari instead of Chrome.) However, there are certain websites that users would prefer not to get added to their Google profile which has the rest of their private information. Thus, users are recommended to switch to Safari Private Browsing, since Apple does not use Safari to track its users (it claims to). 

Even better, use DuckDuckGo when you want to disconnect from the internet. This privacy-focused search engine and browser won't monitor or save the searches of its users; in fact, its entire purpose is to protect users' online privacy.  

Read more »
Software
ADHD Beyond Identity Cyberattacks Cybercrimes Cybersecurity Google Chrome Google Search History malware mental Health Software

Cybersecurity Concerns: When Mental Health Queries Become Malware Magnets

 


'Beyond Identity' recently published a study that showed that certain mental health search terms can open users up to the possibility of meeting malware as a result of their search. Using searches related to mental health that were high in volume, the study found that many of them were linked to programs that could steal data from devices or harm networks as well as cause damage to equipment.

In the report by "Beyond Identity", it was determined that the term "meditation music" is considered to carry a high level of critical risk. Therefore, users should be cautious when searching for this particular term in order to download music when using it as part of their meditation practice. 

Beyond Identity has also identified a number of terms that are considered medium or high risk. There are numerous ways of finding psychiatrists around us. This includes using search terms such as "psychiatrist near me," "virtual therapy," "mental health services," "ADHD treatment," "breathing exercises," "mindfulness meditation," "anxiety treatment," "depression treatment," and "how to meditate." 

As part of their research, it was also found that mental health terms rank second as the most dangerous malware terms of all, behind training and courses related to work. According to the data, this shows just how many bad actors are targeting people who are looking for online content and resources relating to their well-being in order to get their stuff. 

Beyond Identity conducted a research study on popular terms that received more than 6,000 searches in the U.S. during the last month. After this, it used a malware detector tool to analyze the first 50 non-sponsored links that Google Chrome returned in the results section as well as their origins. If a search is conducted in this manner, according to the algorithm used by the user, the top links may depend on that algorithm. 

There were links that were flagged as malicious if they blocked the malware detection tool, used outdated software, or contained software that was clearly malignant. There is a danger of malicious code being included in a website if the software is outdated or it is not equipped with a malware detection tool. 

There are a number of ways in which your device can get infected by malware, beginning with visiting a site that has malware, clicking on an ad that contains malware, interacting with pop-up ads, and downloading infected media files, software, or documents. In the process of searching for mental health information, users never want to end up infected with malicious software that can incite panic in users. There is nothing wrong with trusting only reputable websites and hospitals if the user is suspicious of their search results in search engines.
Read more »
Transport Layer Security
Certificate Monitoring Chromium Project Google Google Chrome Technology TLS Certificates Transport Layer Security

Companies May Now Prepare for a Shorter TLS Certificate Lifespans


Google put forth a proposal on March 3 to substantially reduce the Transport Layer Security (TLS) digital certificate's validity period from 398 days to 90 days. Apparently, this will lead to a lot of changes in how businesses manage their certificates, especially when it comes to automated processes.

The proposal made by the open-source organization that created the Google Chrome browser and Chrome OS, which is outlined in a road map titled "Moving Forward, Together," is a step forward toward assuring more dependable, resilient Web operations. However, it will require organizations to transform their certification processes.

Current State of Digital Certificate 

Over the past years, digital certificates' lifespan has decreased drastically, from five years in 2012 to just over two years in 2018 to 13 months, or 398 days, in July 2020. Particularly in a cloud-based computing environment where websites and services are continuously spun up and down to accommodate shifting needs and priorities, shorter lifespans assist in assuring the legitimacy of digital identities.

According to Google, the changes proposed will speed up the adoption of new features, such as best practices and additional security capabilities, and encourage businesses to abandon manual methods, that are filled with errors. Automation as a result would better prepare businesses for the onset of post-quantum cryptography.

A Wake-up Call for Certificate Monitoring

The Chromium Projects' proposal to the CA/Browser Forum, a grouping of certification authorities (CA), browser manufacturers, and others, would most likely go into force by the end of 2024 if it were to be accepted. The likelihood of a significantly shorter lifespan should act as a wake-up call for organizations, even though the changes are not final. The suggestion is unmistakable evidence that the rules of the game have changed, thus they need to have more control and visibility over their public keys and certificates.

Years ago, teams could obtain a certificate for something like a Web server and then essentially forget about it because certificates had a five-year lifespan. They never established a system for determining when certificates needed to be renewed or checked to see if they were about to expire, which might result in disruptions connected to certificates. Teams were eventually able to establish a routine and check for certificate expirations regularly thanks to the eventual reduction of certificate life to 398 days.

The visibility of TLS (also known as Secure Sockets Layer or SSL) certificates is crucial as businesses grow in the cloud. Additionally, teams need help managing the layered, increasingly complicated environments on the cloud. With the new validity period under consideration, the focus is now on automating the procedure.

The complete impact of Chromium Projects’ proposal is yet to be defined. It appears that there are a few unresolved issues, such as whether it may apply to the Internet of Things devices, such as, for instance, security cameras that also require certificates, or if it is restricted to simply Web servers.

Regardless of the outcome of the plan, it captures the realities of the current environment. While a shorter certificate lifespan is beneficial, businesses will need to reconsider how they will manage them effectively.  

Read more »
malware
Atomic macOS Malware BleepingComputer Credit Card Stealer Crytocurrency Google Chrome macOS malware

Atomic macOS Malware: New Malware Steals Credit Card Credentials in Chrome


A brand-new malware has apparently been targeting macOS. The malware, according to BleepingComputer, is named “Atomic” and was being sold to cybercriminals in darknet markets for $1,000 a month. 

A victim management UI that is simple to use and gives malicious actors access to very sensitive information, such as keychain passwords, cookies, files from local computers, and other information that may put victims in serious trouble, is provided by this ill-intentioned subscription.

What is Atomic Capable of? 

While Atomic is an information-stealing malware, it can drastically make its quarries much poorer. When cybercriminals buy Atomic, they receive a DMG file with a 64-bit Go-based malware program that can steal credit card information from browsers. This covers Yandex, Opera, Vivaldi, Microsoft Edge, Mozilla Firefox, and Google Chrome. 

After gaining access to a victim's Mac, Atomic may show a bogus password window asking users to enter their system passwords. As a result, attackers can access the target's macOS computer and cause havoc. 

Moreover, due to the activities of Atomic, cryptocurrency holders are particularly vulnerable. More than 50 well-known cryptocurrency extensions, including Metamask and Coinbase, are intended targets of this macOS malware. 

Atomic, unfortunately, has a tendency to go unnoticed. Only one malicious software detection was made by 59 anti-virus scanners. 

How can you Protect Yourself from Atomic macOS Malware? 

Thankfully, Atomic will not be hiding in any official macOS services. Atomic is disseminated by phishing emails, laced torrents, and social media posts by nefarious buyers. Some even use the influence of black SEO to lure Google users into downloading malicious software that poses as legitimate software. 

In case you are a crypto holder, it is best advised to use a well-known crypto hardware wallet in order to protect yourself from digital-asset thieves. Moreover, it has also been advised to not use software wallets, since that way valuable virtual currencies are majorly exposed. 

It has also been recommended to online users to remove their credit card information from Google Chrome by navigating to Settings > Autofill > Payment Methods. Tap on the three-dotted icons next to your credit cards and click on "Turn off virtual card." Go to pay.google.com, select Payment Methods, and then click "Remove" next to your credit cards to take things a step further.  

Read more »
Windows
Bitcoin Browser cryptocurrency Cyber Crime Google Chrome Phylum Threat actors Typosquatting Windows

Clipper Virus: 451 PyPI Packages Deploy Chrome Extensions to Steal Crypto


Threat actors have recently released more than 451 distinct Python packages on the official Python Package Index (PyPI) repository in an effort to infect developer systems with the clipper virus. 

The libraries were discovered by software supply chain security firm Phylum, which said the ongoing activity is a continuation of a campaign that was first made public in November 2022. 

How Did Threat Actors Use Typosquatting? 

In an initial finding, it was discovered that popular packages including beautifulsoup, bitcoinlib, cryptofeed, matplotlib, pandas, pytorch, scikit-learn, scrapy, selenium, solana, and tensorflow were being mimicked via typosquatting. 

For each of the aforementioned, the threat actors deploy between 13 and 38 typosquatting variations in an effort to account for a wide variety of potential mistypes that could lead to the download of the malicious package. 

In order to evade detection, the malicious actors deployed a new obfuscation tactic that was not being utilized in the November 2022 wave. Instead, they are now using a random 16-bit combination of Chinese ideographs for function and variable identifiers. 

Researchers at Phylum emphasized that the code makes use of the built-in Python functions and a series of arithmetic operations for the string generation system. This way, even if the obfuscation produces a visually striking outcome, it is not extremely difficult to unravel. 

"While this obfuscation is interesting and builds up extremely complex and highly obfuscated looking code, from a dynamic standpoint, this is trivial[…]Python is an interpreted language, and the code must run. We simply have to evaluate these instances, and it reveals exactly what the code is doing,” reads a Phylum report. 

Malicious Browser Extensions 

For taking control of the cryptocurrency transactions, the malicious PyPi packages create a malicious Chromium browser extension in the ‘%AppData%\Extension’ folder, similar to the November 2022 attacks. 

It then looks for Windows shortcuts pertaining to Google Chrome, Microsoft Edge, Brave, and Opera, followed by hijacking them to load the malevolent browser extension using the '--load-extension' command line argument. 

For example, a Google Chrome shortcut would be hijacked to "C:\Program Files\Google\Chrome\Application\chrome.exe --load-extension=%AppData%\\Extension". 

After the web browser is launched, the extension will load, and malicious JavaScript will monitor for cryptocurrency addresses copied to the Windows clipboard. When a crypto address is found, the browser extension will swap it out for a list of addresses that are hardcoded and under the control of the threat actor. By doing this, any sent cryptocurrency transaction funds will be sent to the wallet of the threat actor rather than the intended receiver. 

By including cryptocurrency addresses for Bitcoin, Ethereum, TRON, Binance Chain, Litecoin, Ripple, Dash, Bitcoin Cash, and Cosmos in this new campaign, the threat actor has increased the number of wallets that are supported. 

These findings illustrate the ever-emerging threats that developers face from supply chain attacks, with threat actors inclining to methods like typosquatting to scam users into installing fraudulent packages.  

Read more »
Websites
Android Google Chrome Location Mobile Security Mobile Security News Mobile Security Threats Websites

Change These Settings to Prevent Your Android From Tracking You

 


You are being watched at every turn in today's connected world. You can have different kinds of apps and websites to track and collect your data for a wide range of purposes, both for personal and commercial use. A prominent example of this can be seen when Apple utilizes your data to process your transactions. Twitter can serve you with relevant advertisements, and Life360 can help it improve its location services based on your information.

There are, however, some apps and websites that utilize your personal information for the greater good, but not all of them. The same applies to your privacy, so it is always a wise idea to protect it as much as possible. 

The steps below are designed to help you stop your Android device from tracking you if you are using one. This includes deleting your web and app activity history, turning off your apps' location access, and disabling unnecessary location settings. 

By taking advantage of your location history 

The GPS feature of your Android phone is probably the most powerful way to track your location when using the phone. By signing into your Google account and allowing Location History to be enabled, Google can keep track of every place you visit when you are signed in. Several benefits can be gained from it, such as personalized maps, traffic reports, and the ability to find your phone when it is lost. These can enhance your experience in many ways. 

On the other hand, if you do not want Google following you everywhere, you can turn off location history. Here are the steps you need to follow to do so: 

  • Open the Settings app on your mobile device.
  • Open the Google search engine.
  • On the Google Account page, tap on "Manage your Google Account."
  • Click on the tab labeled "Date & privacy."
  • Next, below the History settings, select Location History. 
  • After that tap the "Turn off" button. 
  • Eventually, a dialog box will pop up, tap on "Pause". 
Regardless of whether you wish to delete your Location History or not, you can do so. As a result, you can remove data from the last 3, 18, or 36 months. 

You can set up Google to automatically delete your account by following these steps: 

  • Open Google Maps. 
  • Click on your profile icon. 
  • Select the timeline you wish to delete. 
  • Towards the top-right corner, click on the More icon (three vertical dots). 
  • Select "Settings and privacy" from the menu.
  • Under "Location settings," choose "Automatically delete Location History." 
  • Select "Auto-delete activity older than." 
  • From the drop-down menu, choose either three, 18, or 36. 
  • Tap Next. 
  • Select Confirm. 
  • Tap on the "Got it" button to exit. 

Your data will be automatically deleted from your account within the next few days if it has been older than the specified months. 

Tracing web and app activity 

Several settings on your phone can save your location, including Location History. The Web & App Activity gives you the same information as well as a lot more. Whenever you decide to enable Web & App Activity in your Google Account (via Google), you will be able to see the information you have entered and the location, IP address, ads you clicked, and even the things you have purchased (by Google). The following steps will guide you through the process of turning off this setting: 
  • Launch your Settings app. 
  • Scroll down and tap on Google. 
  • Select "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under "History settings," select "Web & App Activity." 
  • Click the "Turn off" button to disable Web & App Activity. 
  • Tap on Pause.
  • Click "Got it" to exit. 
  • Back on the "Web & App Activity" page, tap on the "Choose an auto-delete option" to automatically delete saved data. 
  • Select "Auto-delete activity older than."
  • From the drop-down menu, choose whether to delete saved data older than three, 18, or 36 months.
  • Click on Next. 
  • Select Confirm. 
  • Tap on "Got it" to exit. 

Update your location settings 


Additionally, you should also make sure that settings for your phone's location are changed, as well as blocking Google from saving your location. The settings you can turn off include the following:

Location

Scanners that help you locate nearby Wi-Fi and Bluetooth devices: The phone can detect nearby Wi-Fi and Bluetooth devices so it can get better location information based on their locations.

Location Services for Emergency Responses: Provides emergency responders with the ability to pinpoint your location when an emergency occurs.

Using the sensors on your phone, Wi-Fi, and the network of your mobile device, Google Location Accuracy improves the location information provided by your phone.

The steps listed below will guide you through the process of managing these settings (via Google): 

  • Launch the Settings app. 
  • Select Location. 
  • Toggle the slider off for "Use location" on top of the screen. 
  • Select "Wi-Fi and Bluetooth sharing." 
  • Turn off the sliders for both "Wi-Fi scanning" and "Bluetooth scanning." 
  • Return to the Location screen by clicking the Back button.
  • Select Advanced.
  • Tap on Emergency Location Service. 
  • Toggle the slider off if you prefer to do so. 
  • Return to the Location screen. 
  • Tap on Google Location Accuracy. 
  • Toggle the slider off next to "Improve Location Accuracy." 

Edit your device's permissions 

Location access is required by the majority of apps, if not all, so that you can get the best possible experience. If you live in a place where Facebook uses your location as an algorithm, you will be able to automatically include it when you post about it, find nearby places, and receive relevant ads.

By navigating to settings > Location > App access to location (via Google), you will be able to see which apps have access to your location and how they do it. The apps here fall under three categories: permitted all the time, permitted only while in use, and not permitted at all. If you have apps under "allowed all the time" and "available only while in use" that you want to remove location access to, simply tap the app. Then, select "Don't allow." 

The app will perform closer to your actual location if you enable the "Use precise location" toggle button for Android 12. This is only available when the app is running on Android 12, and when it does it uses your exact location. By switching this off, you will be able to see your approximate location instead of your exact location when you turn this off. Your location will appear to be somewhere within a radius of three kilometers of the actual location of the device. 

Check your Google Chrome settings 

It is common for you to come across websites when you are browsing the internet that will wish to know where you are located. A certain amount of help can be obtained from this method in some cases. Using a hardware retailer's website, for example, will allow it to display the closest hardware store near you, based on the information you provided on the company's website. 

You can check what websites currently have access to your location from your Google Chrome (via Google).

  • Launch the app. 
  • Tap on the More icon (three vertical dots) in the top-right corner of the screen. 
  • Select Settings. 
  • Scroll down to the "Advanced" section. 
  • Tap on Site settings. 
  • Select Location. 
  • Expand the "Allowed" section to check all the apps that can see your location. 
It is very simple to remove a site's location access by simply tapping on the site you wish to remove it from. Next, select the Block option from the drop-down menu. In addition, you can also turn off the location-sharing feature of Google Chrome to prevent it from tracking your location at all. By disabling this feature, you do not have to share your location with any sites you visit. Alternatively, if you are particularly concerned about the security of your data, you can consider switching to Tor or Firefox as alternative Android browsers. 

The advertising ID should be turned off

In today's world, ads are becoming more and more sophisticated. After researching plaid skirts one day, the next day you will be bombarded with advertisements for plaid skirts that you have never seen before. The ads online act as if they are watching every move you make and know exactly what you like before they ever reach your computer. Here, you will find instructions on how to disable this feature on your Android device (via Google). 

  • Launch your Settings app. 
  • Open Google.
  • Tap on "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under Ad settings, tap on "Ad personalization." 
  • Toggle off the slider next to "Ad personalization is ON." 
  • Select Turn off in the pop-up box. 
  • Tap on "Got it" to exit. 

However, disabling ad personalization does not mean you will stop seeing ads moving forward. They will still be there, but the upside is that they will only be general ads, not creepy personalized ones. 

If you disable ad personalization from your device, you may still see ads in the future despite disabling them.
Read more »
virus
Chrome Extensions Cyber Attacks cybercriminals Cybersecurity Google Chrome Malicious Extension Malicious Threats Ransomware virus

Remove These Malicious Chrome Extensions With 1 Million Downloads

 


An extension for your browser can enhance your online experience in several ways. Translations, conversions, spellchecking, shopping, and blocking popup ads are some of the services they can assist you with. You can customize your browsing experience using these extensions, and you may even be able to alter the way websites are displayed. There are several popular extensions available for Chrome, but the dark mode is an example.

It is imperative to remember that not all extensions are safe. By giving them access to such information, such as your personal information, you are giving them a lot of power. 

Although some extensions store this data for convenience, others use it to track you or launch a cyberattack against your computer. A malicious Chrome extension was recently reported to have been downloaded 1.4 million times since it first appeared on our site.

The cybersecurity firm Guardio Labs reports that a newly discovered malicious advertising campaign has been discovered in which Chrome extensions are used to hijack web searches and embed affiliate links into any other websites you visit.

The company's security researchers have dubbed this advertising campaign "Dormant Colors" since all of the malicious extensions in question offer color customization options for Chrome, which makes them the right candidate for being dubbed a malicious advertising campaign. However, the extensions themselves do not include malicious code when installed. This is how they were able to bypass Google’s security checks and end up on the Chrome Web Store in the first place. 

Extensions for Google Chrome - Dormant Colors

Following a thorough investigation into this matter by Guardiothis campaign use ad, it was found that there were thirty different versions of these malicious browser extensions available on both the Chrome and Edge web stores with more than a million installations altogether. They have been removed from both web stores, as we mentioned before, but just in case, here is a complete list of all the products that have been removed:

• Action Colors 
• Power Colors 
• Nino Colors 
• More Styles 
• Super Colors 
• Mix Colors 
• Mega Colors 
• Get colors 
• What color 
• Single Color 
• Colors scale 
• Style flex 
• Background Colors 
• More styles 
• Change Color 
• Dood Colors 
• Refresh color 
• Imginfo 
• WebPage Colors 
• Hex colors 
• Soft view 
• Border colors 
• Colors mode 
• Xer Colors 

 Explanation of how to remove Chrome extensions manually 

There are several malicious extensions listed below that have since been removed, but you may need to manually remove them by clicking on the three dots menu at the top right-hand corner of your Chrome browser to remove them permanently. Upon clicking 'More', you will be taken to the More tools section where you will be able to access Extensions.

Making money by hijacking your browser to make money from clicks on the ads 

The cybercriminals behind this campaign use ads and redirects to trick unsuspecting users into installing their malicious extensions. This is done when they visit sites that offer the opportunity to play videos or download files. This is done so that they can then go one step further and download malicious extensions. 

There are two sites where you can watch videos or download programs. However, when you click the videos or download programs link, you are redirected to another site that requires you to add an extension before you can continue. It is quite likely that you will be prompted to install a color-changing extension when you click either the 'OK' button or the 'Continue' button. This extension initially seems harmless on the surface. 

The problem with these extensions is that once installed, their purpose is to redirect users to pages that redirect them to malicious scripts that side-load malicious scripts that show how to perform search hijacking for the extensions, but also that tell the extensions what sites affiliate links can be inserted on to generate affiliate revenue. The creator of these malicious extensions earns a lot of money from these advertisements, which are sold to third parties for profit, which is known as search data. 

It is also possible to use these Dormant Colors extensions for automatic redirects to the same page with affiliate links added to the URL of each page instead of redirecting users to an entirely different page. Whenever anyone purchases an extension on any of these sites, the developers of such an extension will receive a commission for their work. 

Guardia, in a blog post, tells that the malicious extension campaign may have the potential to spread further over the coming weeks. "As this campaign continues to run, it is shifting domains, generating a wide assortment of extensions, and re-inventing several color-and-style-changing functions you are sure to be able to do without."

It is also worth mentioning that the code injection technique analyzed here provides the mitigation and evasion measures necessary to contribute to further malicious activities in the future, especially since it is a huge infrastructure for mitigation and evasion. 

The most effective way to keep your browser from getting infected by malicious extensions 

The most appropriate time to make sure you have an effective antivirus solution installed on your laptop or PC is before you add any additions to your browser, especially if you plan on adding any new extensions to it. In this way, you will be able to protect yourself against malware infection or having your personal information stolen and misused. 

Additionally, when you install any extensions, be sure to only use trusted sources, such as the Chrome Web Store or the Microsoft Edge Add-ons store, as these are both reliable sources. The fact that malicious extensions do slip through the cracks from time to time does not change the fact that you are still safer when you install browser extensions from an official store rather than from the web.

Additionally, you should always ask yourself whether or not you need an extension before downloading it. Do you need it, or do you just want to use it? When you come across an extension that seems too good to be true, then you can be certain that it is and is not worth downloading. In addition to checking the extensions in your browser regularly, you might also want to consider adding new ones. 

You need to regularly take a look at the extensions you have installed in your browser and make sure they are still relevant. Delete any of these that you no longer need. Also, keep an eye out for any new ones you may not have noticed you have added without your knowledge. Using browser extensions, you can add all kinds of new features and options to your browser that are not available in its built-in functionality. 
Read more »
MFA
Botnet Cobalt Strike Cookies Data Breach Encryption Google Chrome MFA

Sophos: Employing Stolen Session Cookies to Navigate MFA & Access Networks

Hackers on the internet keep getting better. Stealing cookies from recently completed or ongoing web sessions is one new strategy they have been employing to avoid multi-factor authentication (MFA). 

Recently, Sophos researchers reported a new attack technique that is already becoming more prevalent. According to the researchers, the "cookie-stealing cybercrime spectrum" is vast, encompassing entry-level hackers as well as sophisticated rivals who employ a variety of strategies. 

On dark web forums, cybercriminals purchase stolen credentials in bulk or collect cookies. Because ransomware groups exploit genuine executables, both those that are already present and those that are added as tools, 'their operations may not be detected by simple anti-malware defenses.'

Cookie theft

Cookies are used by cloud infrastructures as well for user authentication. It's becoming simpler for entry-level attackers to engage in credential theft thanks to the malware-as-a-service sector. 

For instance, all they need to do is purchase a copy of an information-stealing Trojan like Raccoon Stealer to bulk collect information like cookies and passwords and then sell them on illicit markets like Genesis. Once this data is purchased, other criminals in the attack chain, such as ransomware developers, can search through it for anything they think would help their attacks. 

In contrast hand, in two of the most recent events that Sophos studied, the attackers adopted a more focused strategy. For one event, the hackers infiltrated a target's network for months in order to collect cookies from the Microsoft Edge browser. The attackers employed Cobalt Strike and Meterpreter activity to take advantage of a legal compiler tool in order to scrape access tokens after the initial penetration occurred via an exploit kit.

The attackers dropped a malicious payload that scraped cookie files for a week using a legal Microsoft Visual Studio component.

"Although mass cookie theft has been an issue, hackers are using a far more focused and efficient method to steal cookies. There is no limit to the kinds of nefarious activities attackers might engage in with stolen session cookies now that so much of the workplace is web-based. Hackers have the power to alter cloud infrastructures, corrupt corporate email, persuade other staff members to download malware, and even modify product code. Their own imagination is their only constraint," said Sean Gallagher, principal threat researcher at Sophos.

Cookies Access Systems Against Safety Protocols

According to Digital Trends, hackers are able to abuse different online tools and services as a result of cookie theft. This exploitation can occur in browsers, web-based programs, web services, malware-infected emails, and ZIP files. Since cookies are so popular, hacking with them is a sophisticated practice.

Sophos lists Emotet botnet as one cookie-stealing virus that preys on data in the Google Chrome browser. Acquiring data from credit cards and saved logins are the objectives. Even if the browser is encrypted and uses multifactor authentication, the Emotet botnet can still gather login information.

Ransomware organizations also gather cookies. As hackers exploit genuine executables that are both already present and ones that can bring with them tools, simple anti-malware defenses are unable to detect their actions, according to eSecurity Planet.

Read more »
User Privacy
Botnet Conti Emotet Google Chrome malware Ransom Ransomware TrickBot Trojan User Data User Privacy

New Emotet Variant Capturing Users' Credit Card Data from Google Chrome

 

The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to capture credit card information from Google Chrome user accounts. 

After obtaining credit card information (such as name, expiration month and year, and card numbers), the malware will transfer it to command-and-control (C2) servers that are not the same as those used by the Emotet card stealer module. 

The Proofpoint Threat Insights team said, "On June 6th, Proofpoint observed a new Emotet module being dropped by the E4 botnet. To our surprise, it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader." 

This shift in behaviour follows an increase in activity in April and a move to 64-bit modules, as discovered by the Cryptolaemus security research group. One week later, Emotet began using Windows shortcut files (.LNK) to run PowerShell instructions on victims' devices, abandoning Microsoft Office macros, which were disabled by default beginning in early April 2022. 

The re-emergence of Emotet malware:

In 2014, the Emotet malware was created and used in assaults as a banking trojan. It has developed into a botnet used by the TA542 threat group (also known as Mummy Spider) to deliver second-stage payloads. 

It also enables its operators to steal user data, conduct reconnaissance on compromised networks, and migrate laterally to susceptible devices. Emotet is renowned for deploying Qbot and Trickbot malware trojan payloads on infected PCs, which are then used to spread more malware, such as Cobalt Strike beacons and ransomware like Ryuk and Conti. Emotet's infrastructure was destroyed in early 2021 as part of an international law enforcement operation that also resulted in the arrest of two people.

When Emotet research organisation Cryptolaemus, computer security firm GData, and cybersecurity firm Advanced Intel all spotted the TrickBot malware being used to deliver an Emotet loader in November 2021, the botnet returned utilising TrickBot's previously established infrastructure.

According to ESET, Emotet's activity has increased more than 100-fold since the beginning of the year, with its activity rising more than 100-fold against T3 2021.
Read more »
Spectre
Bypass of Security constraints Cyber Security Google Chrome JavaScript Sensitive data Spectre

Spook.js: Chrome is Threatened by a New Spectre Like Attack

 

A newly found side-channel attack targeting Google Chrome might allow an attacker to use a Spectre-style attack to bypass the web browser's security protections and extract sensitive information. Spook.js is a novel transient execution side-channel attack that specifically targets Chrome. Despite Google's efforts to minimize Spectre by installing Strict Site Isolation, malicious JavaScript code can still extract information in some instances. 

An attacker-controlled webpage can learn which other pages from the same website a user is presently viewing, collect sensitive information from these pages, and even recover auto-filled login credentials (e.g., username and password). If a user downloads a malicious extension, the attacker may obtain data from Chrome extensions (such as credential managers). 

Spectre, which made news across the world in 2018, makes use of vulnerabilities in contemporary CPU optimization features to get around security measures that prohibit separate programmes from accessing one other's memory space. This enabled attackers to steal sensitive information across several websites by attacking how different applications and processes interact with processors and on-chip memory, allowing a wide range of attacks against different types of applications, including web apps. 

Strict Site Isolation was implemented by Google Chrome, which prohibits several web pages from sharing the same process. It also divided each process's address space into separate 32-bit sandboxes (despite being a 64-bit application). 

Site Isolation is a Chrome security feature that provides extra protection against some sorts of security vulnerabilities. It makes it more difficult for websites that aren't trustworthy to get access to or steal information from your accounts on other websites.

Despite these safeguards, Spook.js, according to researchers from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, "shows that these countermeasures are insufficient in order to protect users from browser-based speculative execution attacks." 

“More specifically, we show that Chrome’s Strict Site Isolation implementation consolidates webpages based on their eTLD+1 domain, allowing an attacker-controlled page to extract sensitive information from pages on other subdomains,” they said. "Next, we also show how to bypass Chrome’s 32-bit sandboxing mechanism. We achieve this by using a type confusion attack, which temporarily forces Chrome’s JavaScript engine to operate on an object of the wrong type."

“Web developers can immediately separate untrusted, user-supplied JavaScript code from all other content for their website, hosting all user-supplied JavaScript code at a domain that has a different eTLD+1," the study recommended. “This way, Strict Site Isolation will not consolidate attacker-supplied code with potentially sensitive data into the same process, putting the data out of reach even for Spook.js as it cannot cross process boundaries."
Read more »
Vulnerability and Exploits
Chrome Google Google Chrome Patch Fix Vulnerability and Exploits

Chrome 92 Update by Google Patches 10 High Severity Vulnerabilities

 

Chrome 92 (92.0.4515.131), the Google security update issued for Windows, Mac, and Linux has patched at least 10 vulnerabilities. Chrome 92, is an update that improves browser efficiency on phish calculations, extends the scope of user website isolation technologies, and includes a few new 'Chrome Actions' to the repertory. 

The search giant established in California has awarded over $133,000 in rewards to users who identified some 35 vulnerabilities addressed in Chrome 92. At least 9 of the flaws were categorized under high severity, the current highest threat level from Google. 

The 360 Alpha Lab team from the Chinese cybersecurity company Qihoo 360's researchers Leecraso and Guang Gong have won $20,000 for detecting a high-severity vulnerability identified as CVE-2021-30590. The issue was described as a bookmark buffer overflow by Google. 

Leecraso told the SecurityWeek team that, CVE-2021-30590 is an issue of sandbox escape that could be "exploited with an extension or a compromised renderer." An intruder can exploit the fault to remotely execute code outside of the sandbox of Chrome. The vulnerability might be leveraged to breakout from the browser's sandbox because of its out-of-bounds write. And it would only need the user to download the extension to take advantage of. 

Google Chrome Sandbox is a creation and test environment for Google Chrome-based applications developers. A test and staging infrastructure is provided by the sandbox environment without the code getting tested for modifications to current code and databases. 

Two vulnerabilities uncovered by researcher David Erceg have also been rated with a high level of severity. CVE-2021-30592, characterized as an off-bound writing problem on Google's Tab Groups, rewarded him $10,000, while CVE-2021-30593 has earned him a $5,000 bug reward, which was defined as an out-of-bounds read bug in Tab Strips. 

“CVE-2021-30592 would require a malicious extension to be installed,” Erceg told SecurityWeek. “As for CVE-2021-30593,” he added, “it would be easier to trigger with an extension, though a web page could trigger the behavior under some more restricted circumstances. The impact is similar to CVE-2021-30592, in that an attacker could potentially escape the sandbox if they could set up memory in the appropriate way before the out-of-bounds read occurs. This issue could also be exploited on its own, but it does require some more specific interaction from the user.” 

CVE-2021-30591, an after-free flaw within the File System API is yet another elevated vulnerability that Google paid out at $20,000. Reportedly, it was discovered by the Researcher SorryMybad of Kunlun Lab.

It is worthy to be noted that Google pays up to $20,000 for Chrome's vulnerabilities of escape sandbox revealed in a high-quality report. If researchers additionally offer a functioning exploit, they can receive up to $30,000 for such flaws. 

Consumers must upgrade Chrome as soon as possible, given that the web browser seems to be increasingly targeted for malicious activity. It is worth noting that this year, Google fixed over half a dozen of zero-day vulnerabilities that were being actively exploited.
Read more »
XCSSET malware
Google Chrome macOS malware skype Telegram XCSSET malware

XCSSET, a MacOS malware, Targets Google Chrome and Telegram Software

 

As part of further "refinements in its tactics," a malware notorious for targeting the macOS operating system has been updated to add more elements to its toolset that allow it to accumulate and exfiltrate sensitive data saved in a range of programmes, including apps like Google Chrome and Telegram. This macOS malware can collect login credentials from a variety of apps, allowing its operators to steal accounts. 

XCSSET was discovered in August 2020, when it was found to be targeting Mac developers using an unusual method of propagation that entailed injecting a malicious payload into Xcode IDE projects, which is executed when the project files are built in Xcode. XCSSET collects files containing sensitive information from infected computers and delivers them to the command and control (C2) server. 

Telegram, an instant messaging service, is one of the apps that has been attacked. The virus produces the “telegram.applescript” archive in the Group Containers directory for the “keepcoder.Telegram” folder. By obtaining the Telegram folder, the hackers are able to log into the messaging app as the account's legal owner. The attackers gain access to the victim's account by moving the stolen folder to another machine with Telegram installed, according to Trend Micro researchers. Normal users have read and write permissions to the Application sandbox directory, XCSSET can steal sensitive data this way. 

The malware can read and dump Safari cookies, inject malicious JavaScript code into multiple websites, steal information from programmes like Notes, WeChat, Skype, and Telegram, and encrypt user files, among other things. Earlier this month, XCSSET received an update that allowed malware developers to target macOS 11 Big Sur as well as Macs with the M1 chipset by getting beyond Apple's new security standards in the current operating system. 

"The malware downloads its own open tool from its C2 server that comes pre-signed with an ad-hoc signature, whereas if it were on macOS versions 10.15 and lower, it would still use the system's built-in open command to run the apps," Trend Micro researchers previously noted. 

According to a new report released by the cybersecurity firm on Thursday, XCSSET uses a malicious AppleScript file to compress the Telegram data folder ("/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram") into a ZIP archive file before uploading it to a remote server under their control, allowing the threat actor to log in using the victim's account. 

"The discovery of how it can steal information from various apps highlights the degree to which the malware aggressively attempts to steal various kinds of information from affected systems," the researchers said.
Read more »
Subscribe to: Posts (Atom)