Google will block login activity from embedded frameworks in the browser
In order to enhance Chrome's protection against the rapid rise of man-in-the-middle (MitM) intermediate attacks, Google said it will officially add a blocking feature to login from embedded frameworks. in browser (embedded browser framework), used with some forms of fraud from June here.
Basically, frameworks embedded in browsers allow developers to add browsing capabilities to any application they create. A common example of a framework embedded in the browser is Chromium Embedded Framework (CEF), which allows developers to insert Chromium-based browsers in applications.
- [Infographic] How to recognize and prevent Phishing attacks
However, hackers, who are behind a phishing attack, can use the framework embedded in the browser to execute JavaScript on a web page, and at the same time automate user login activity. In the scenario for MitM campaigns, an attacker can automatically log in to Google's real service after capturing the login information and even the user's two-factor authentication code.
It is difficult to detect framework embedded in the browser
Jonathan Skelker, Product Manager and Account Security at Google, said that not only Google but most other developers are having trouble 'distinguishing between a legitimate login session and login session from those MITM attack on service platforms. And the most effective solution to this problem is to block login activity through specific service platforms'.
- Malicious ad campaigns abuse Chrome to steal 500 million iOS user sessions
In fact, this method is effective, but it can affect a lot of developers, because now they will automatically lose an easy way to provide authentication in the application. mine. One recommended alternative is to use browser-based OAuth authentication, which allows sharing login data while ensuring the security of information such as usernames and passwords.
'In addition to maintaining security, OAuth authentication also allows users to view and manage the entire URL of the page where they are entering their account information, thereby strengthening effective anti-phishing activities. more, 'Mr. Skelker said, at the same time recommending developers to implement this necessary transition.
- Authentication tool on many enterprise VPN applications that are bypassed by hackers
Essential moves by Google to protect user login information
Denying authentication from frameworks embedded in the browser is a measure similar to the limitations Google announced in 2016 on web views, which is also a factor related to embedded browsers.
- Google wants to block unsafe, potentially risky download files on Chrome
The trend to bring a safer login experience to users then continues to be boosted by Google at the end of October 2018, when Mountain View giant announced that JavaScript should be enabled in all browsers when Log in to Google services. With JavaScript running on the login page, Google can run analytics and only allow access sessions if everything is fine.
What do you think about this decision of Google? Leave comments in the comment section below!
You should read it
- Google released the API set for the .NET Framework
- Google launched Chrome 33, patched 7 new security bugs
- Google announced three new Chrome security features
- Google released Google Chrome 26
- Google put a hand on the tool bar on Chrome
- With Chrome 70, users will be allowed to deny web links, log in to the browser
- Google brought Chrome OS into Windows 8
- Now it is possible to hack Windows with Google Chrome
May be interested
- How to Check Google Historythis wikihow teaches you how to see your google activity on both a computer and a smartphone (or tablet), as well as how to view your google chrome history on desktop and mobile. open the google activity page. go to https://myactivity.go...
- How to block ads on Youtubein the process of using youtube you are very annoyed when the ads are embedded in the youtube videos. the following article details how to block ads on youtube the fastest way.
- How to block hateful ads on Microsoft Edge browsermicrosoft edge is highly rated for speed and user-friendly interface. therefore, microsoft edge convinces a considerable number of users. however, because edge is a new browser, the browser has not yet integrated the extension (calculated so far) to block ads like other browsers like chrome (adblock) and firefox.
- Block Google account with just 4 simple waysblocking a google account helps you prevent spam emails sent to you via google +, google hangouts, or gmail.
- Instructions to block pop-ups in all browsersthe advertising window on the browser annoys users when we surf the web. so how to turn off pop-ups on the browser?
- How to disable Containers feature on Firefox browser?containers are one of the new features that are integrated and introduced on the firefox 50 nightly build beta. this is a feature that allows users to log in to multiple facebook or google accounts at once on a single browser. best.
- Detecting a new ransomware strain that specializes in stealing login information from the Chrome browsera ransomware strain called qilin was recently discovered using a relatively sophisticated tactic, with high customization capabilities, to steal account login information stored in the google chrome browser. .
- How to Block Popups on Android Browserto block pop-ups (automatic pop-up windows, usually advertisements) in your android device's main web browser, click browser or internet → click the menu or more button → select settings ( settings) → click on advanced → make sure the 'block pop-ups' option is enabled.
- What is an embedded computer? Concept, how it works and benefitsan embedded computer/embedded pc is a dedicated computer system that forms an integral part of a larger machine or system.
- Instructions to turn off Google Bard active storagewhen we access the google bard and operate and communicate with the google bard, it will be saved as history. all chats are displayed and managed on the left edge of the google bard interface.