Security News

CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's domain and tracking scripts on that site that call a server on an advertiser's domain. As privacy barriers have gone up to prevent marketers from gathering data from web users, CNAME manipulation has become more popular.

Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an "Object lifecycle issue in audio."

Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw. "The Chrome team is delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux," according to Google on Tuesday.

This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Infatica's code then uses the browser of anyone who has that extension installed to route Web traffic for the company's customers, including marketers or anyone able to afford its hefty monthly subscription charges.

In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered. In January and February 2021, the group was observed delivering the FriarFox extension, customized to specifically target the Firefox browser and provide attackers with access to and control of victims' Gmail accounts.

As browser-makers move to defang third-party cookies, marketers are increasingly switching to alternative tracking techniques. In 2019, Firefox was equipped with Enhanced Tracking Protection by default, blocking known trackers, third-party tracking cookies and cryptomining scripts.

Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third-parties from using them to track people online, as part of improvements in build 86 of the code. The third-party cookies placed by these scripts can be read on other websites that also load tracking code and are often used to follow people from website to website in order to build interest profiles for behavioral ad targeting.

Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security. In a research paper to be presented in July at the 21st Privacy Enhancing Technologies Symposium, KU Leuven-affiliated researchers Yana Dimova, Gunes Acar, Wouter Joosen, and Tom Van Goethem, and privacy consultant Lukasz Olejnik, delve into increasing adoption of CNAME-based tracking, which abuses DNS records to erase the distinction between first-party and third-party contexts.

Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits. Onion domains visited by the browser to whatever DNS servers the software was configured to use for non-Tor websites, allowing whoever operates those DNS servers - or anyone who can snoop on the queries in transit - to figure out the kinds of hidden services frequented by an individual user.

Brave has fixed a privacy issue in its browser that sent queries for. Onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites.