Security News > 2024 > June > Google Chrome to let Isolated Web App access sensitive USB devices
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer.
Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.
"The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB," Google noted in a Chrome status update.
"With this feature, Isolated Web Apps with permission to access the"Usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.
Isolated web apps are applications not hosted on live web servers but packaged into Web Bundles, signed by their developer, and distributed to end-users.
Google's proposed feature enables trusted isolated web apps to access a broader range of USB devices, allowing for greater functionality in a trusted setting.
News URL
Related news
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google Chrome change that weakens ad blockers begins June 3rd (source)
- Google Chrome reduced cookie requests to improve performance (source)
- New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (source)
- Fake Google Chrome errors trick you into running malicious PowerShell scripts (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)