The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Latest Cyber Security, Hacking & Tech News: addons

Firefox Browser vulnerable to Man-in-the-Middle Attack

Firefox Browser vulnerable to Man-in-the-Middle Attack

September 19, 2016Mohit Kumar
A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5 , while Mozilla still has to patch the critical flaw in Firefox. Attackers can deliver Fake Tor and Firefox Add-on Updates The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer. "This could lead to arbitrary code execution [vulnerability]," Tor officials warned in an advisory. "Moreover, other built-in certificate pinnings are affected as wel
Google makes it mandatory for Chrome Apps to tell Users what Data they collect

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

April 19, 2016Mohit Kumar
In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser’s User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google’s new User Data Policy will now force app developers, who use the Chrome We
Google Chrome added pop-up warning to prevent users from Browser hijacking

Google Chrome added pop-up warning to prevent users from Browser hijacking

February 04, 2014Anonymous
GOOGLE, one of the most trusted brands continuously trying to keep its products more robust and secure for keeping its users safe. Google honors vulnerability hunters under its Bug bounty program and not only that, the company also offer a huge amount of reward to hackers in ' Pwnium ' hacking competition for finding critical vulnerability. Google Chrome , Browser from Google product family, has been added with a new feature that it will warn the user whenever browser’s setting get altered by any malware . Browser hijacking is the modification of browser's settings, and the term " hijacking " is used when the changes performed without the user's permission. A browser hijacker may replace the existing home page, error page, or search page with its own. These are generally used to force hits to a particular website, increasing its advertising revenue i.e. Click jacking and Adware . A hijacker uses malicious software to change your internet s
Adware Companies buying popular Chrome extensions to inject Ads and Malware

Adware Companies buying popular Chrome extensions to inject Ads and Malware

January 20, 2014Wang Wei
Browser extensions are extra features and functionality that you can easily add to Google Chrome, Firefox and other popular Browsers, but they can be used to serve malicious adware , which automatically renders advertisements in order to generate revenue for its author.  Hackers are now taking their business rather more seriously than we thought. Even a single instance of malicious adware on your PC can inject bad ads or malware to your browser. Ads are a legitimate way to monetize. However, creating and spreading a fresh add-on to get a large user base is always tough, but now adware companies found a new trick i.e. Buying trusted browser extensions with a large user-base and exploiting their auto-update status to push out adware. Recently, the developer of ‘ Add to Feedly ’ Chrome extension with 30,000+ users, Amit Agarwal , was approached by some mysterious buyers. “ It was a 4-figure offer for something that had taken an hour to create and I agreed to the deal ,” he said . &quo
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.