Google Chrome | Breaking Cybersecurity News | The Hacker News

To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly. However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it's really annoying. But don't you worry. Google now has a solution to this issue. In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps: April 2018 — With the release of Chrome 66, Google will begin informing use

Ever since the launch of Windows 10, Microsoft has been heavily pushing its Edge browser, claiming it to be the best web browser over its competitors like Mozilla Firefox, Opera and Google Chrome in terms of speed and battery performance. However, Microsoft must admit that most users make use of Edge or Internet Explorer only to download Chrome, which is by far the world's most popular internet browser. Something hilarious happened recently during a live demonstration when a Microsoft engineer caught on a video switching from Edge to Chrome after the default Windows 10 browser stopped responding in the middle of the presentation. That is really embarrassing. The incident happened in the middle of a Microsoft Ignite conference, where the Microsoft presenter Michael Leworthy was demonstrating how to one can migrate their applications and data to Microsoft Azure cloud service. See what happens in the video below: However, Leworthy was forced to pause his Azure presenta

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents and video, and has more than 37,500 users. Unfortunately, the Chrome extension of Copyfish has been hijacked and compromised by some unknown attacker, who equipped the extension with advertisement injection capabilities. However, its Firefox counterpart was not affected by the attack. The attackers even moved the extension to their developer account, preventing its developers from removing the infected extension from the store, even after being spotted that the extension has been compromised. "So far, the update looks like standard adware hack, but, as we still have no control over Copyfish, the thieves might update the extension another time… until we get it back," the de

As a punishment announced last October, Google will no longer trust SSL/TLS certificate authorities WoSign and its subsidiary StartCom with the launch of Chrome 61 for not maintaining the "high standards expected of CAs." The move came after Google was notified by GitHub's security team on August 17, 2016, that Chinese Certificate Authority WoSign had issued a base certificate for one of GitHub's domains to an unnamed GitHub user without authorization. After this issue had been reported, Google conducted an investigation in public as a collaboration with Mozilla and the security community, which uncovered several other cases of WoSign misissuance of certificates. As a result, the tech giant last year began limiting its trust of certificates backed by WoSign and StartCom to those issued before October 21st, 2016 and has been removing whitelisted hostnames over the course of several Chrome releases since Chrome 56. Now, in a Google Groups post published

What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn't it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google's Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on. AOL developer Ran Bar-Zik reported the vulnerability to Google on April 10, 2017, but the tech giant declined to consider this vulnerability a valid security issue, which means that there is no official patch on the way. How Browsers Works With Camera & Microphone Before jumping onto vulnerability details, you first need to know that web browser based audio-video communication relies on WebRTC (Web Real-Time Communications) protocol – a collection of communications protocols th

A security researcher has discovered a serious vulnerability in the default configuration of the latest version of Google's Chrome running on any version of Microsoft's Windows operating system, including Windows 10, that could allow remote hackers to steal user's login credentials. Researcher Bosko Stankovic of DefenseCode has found that just by visiting a website containing a malicious SCF file could allow victims to unknowingly share their computer's login credentials with hackers via Chrome and the SMB protocol. This technique is not new and was exploited by the Stuxnet — a powerful malware that specially designed to destroy Iran's nuclear program — that used the Windows shortcut LNK files to compromise systems. What's make this attack different from others is the fact that such SMB authentication related attacks have been first time demonstrated on Google Chrome publicly, after Internet Explorer (IE) and Edge. Chrome + SCF + SMB = Stealing Windows

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right? Okay, then before going to the in-depth details, first have a look at this demo web page  ( note: you may experience downtime due to high traffic on demo server ), set up by Chinese security researcher Xudong Zheng, who discovered the attack. " It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL o

Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack… …Just Don't Download and Install It. It's a Trap! Scammers and hackers are targeting Google Chrome users with this new hacking scam that's incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems. Here's What the Scam is and How it works: It's a "The 'HoeflerText' font wasn't found" scam. Security firm NeoSmart Technologies recently identified the malicious campaign while browsing an unnamed WordPress website that had allegedly already been compromised, possibly due to failing to apply timely security updates. The scam is not a new one to identified by NeoSmart. It has been making rounds since last month . The hackers are inserting JavaScript into poorl

Although over three months remaining, Google has planned a New Year gift for the Internet users, who're concerned about their privacy and security. Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as " Not Secure " — the first step in Google's plan to discourage the use of sites that don't use encryption. The change will take effect with the release of Chrome 56 in January 2017 and affect certain unsecured web pages that feature entry fields for sensitive data, like passwords and payment card numbers, according to a post today on the Google Security Blog . Unencrypted HTTP has been considered dangerous particularly for login pages and payment forms, as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card data as they travel across the network. In the following release, Chrome will flag

In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We

Google is planning to make Chrome faster in order to provide its users fast Internet browsing experience. Thanks to a new, open-source data and web compression algorithm for the Internet called Brotli , which Google announced last year to boost its web page performance. With Brotli, Google will speed up Chrome and users could get a significant performance boost in coming months. Google introduced Brotli last September and claimed that the new algorithm is a "whole new data format" that could reduce file sizes by up to 26 percent higher than Zopfli , the company's three-year-old web compression technology. Net result – Fast Internet Browsing In a post on Google+ on Tuesday, web performance engineer at Google Ilya Grigorik announced that the new algorithm is coming to Chrome soon, which will change the way files are compressed, improving loading speeds by a quarter. Besides faster loading speeds, Brotli also have additional benefits for smartphone users, which

Security researchers have uncovered a new piece of Adware that replaces your entire browser with a dangerous copy of Google Chrome , in a way that you will not notice any difference while browsing. The new adware software, dubbed " eFast Browser ," works by installing and running itself in place of Google Chrome The adware does all kinds of malicious activities that we have seen quite often over the years: Generates pop-up, coupon, pop-under and other similar ads on your screen Placing other advertisements into your web pages Redirects you to malicious websites containing bogus contents Tracking your movements on the web to help nefarious marketers send more crap your way to generating revenue Therefore, having eFast Browser installed on your machine may lead to serious privacy issues or even identity theft. What's Nefariously Intriguing About this Adware? The thing that makes this Adware different from others is that instead of taking contr

Microsoft wants Windows 10 users to use its Edge browser , and the company is pulling every trick out to make it happen. In a newly leaked Windows 10 preview release ( build 10568 ) , Microsoft has added a new prompt that appears whenever you try to switch away from default apps, including Microsoft Edge . Considering the wide adoption of Microsoft's newest operating system Windows 10, it seems that users are still hesitant in adopting Edge browser that comes bundled with  Windows 10 . To help encourage a higher adoption of Microsoft's default apps bundled with Windows 10, the software giant seems to be taking some steps. Come, Give Microsoft Edge A Shot!  If you already have Microsoft Edge as your default browser, then installing another rival browser, such as Google Chrome or Mozilla Firefox , and switching the defaults will make a dialog box with " Give Microsoft Edge a shot " appear. The prompt highlights some of the latest features in

Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly. Yes, you can crash the latest version of Chrome browser with just a simple tiny URL. To do this, all you need to do is follow one of these tricks: Type a 16-character link and hit enter Click on a 16-character link Just put your cursor on a 16-character link Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome. All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser. The issue was discovered by security researcher Andris Atteka , who explained in his blog post that just by adding a NULL char in the URL string could crash Chrome instantly. Atteka was able to crash the browser with a 26 character long string, which is given b

We found a high concern for cybersecurity tactics and an increased awareness of the challenges that it brings. This week, we shared lots of stories with our readers, and to help them in identifying the biggest malware threats to their online safety. We are here with the outline of our last week stories, just in case you missed any of them ( ICYMI ). We recommend you read the entire thing ( just click ' Read More ' because there's some valuable advice in there as well ). Here's the list: ➢ How Hackers Can Hack Your Gmail Accounts? Getting smarter in their phishing tactics, hackers have found out ways to fool Gmail's tight security system by bypassing its two-step verification. Hackers are now using text messages and phone-based phishing attacks to circumvent Gmail's security and take over your Gmail accounts. — Read more . ➢ Not Just Windows 10, Windows 7 and 8 Also Spy on You Laughing at controversial data mining and privacy invasion featur

Rejoice Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory eater browsers in the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with it because it uses too much memory and power. Google has now solved these problems. The most recent release of Chrome ( Chrome 45 ) is intended to make your browsing experience faster and more efficient. Google launched Chrome 45 for Windows, Mac, Linux, and Android two days ago, but the company announced in an official blog post Friday that the new version includes several new updates that focus on making the browser load faster and use less memory. Also Read:  I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here's My Secret Chrome 45 Uses 10% Less RAM A major issue reported by Chrome users was the browser's consumption of PC mem