Security News

With Google Chrome being by far the most widely used web browser, Google must constantly tweak protections, rules and policies to keep malicious, unhelpful and otherwise potentially unwanted extensions out of the Chrome Web Store. The latest change of that kind has been announced for August 27th 2020, when Google plans to boot from the CWS "Low-quality and misleading" Chrome extensions.

Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don't spam users with extensions that have similar functionality. The Chrome Web Store has been available since 2011, offering a total of more than 200.000 browser extensions that allow users to easily customize their browsing experience in Chrome.

We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!

Google just issued a Chrome update with a note that says, "This update includes 1 [critical] security fix." The bug itself is still a secret, even though the Chromium core of the Chrome browser is an open source project.

GitHub has released technical information on six vulnerabilities identified by one of its security researchers in the WebAudio component of Chrome. The researcher started looking for Chrome vulnerabilities while he was working for Semmle, which GitHub acquired last year for its code analysis platform.

Google has kicked 49 malicious Chrome browser extensions out of its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. On Tuesday, Harry Denley, MyCrypto Director of Security, said that malicious browser extensions aren't new, but the targets in this campaign are: they include the cryptocurrency wallets Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.

Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges. Some of the extensions, he said, were supported by fake five-star reviews; some internet good samaritans also tried to warn others that the extensions were malicious.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. "Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.

Google has decided to keep support for the File Transfer Protocol in Chrome a bit longer, after initially saying it would completely remove it in Chrome 82. Due to the lack of support for secure connections or proxies, the implementation of FTP in Chrome creates security risks for users.

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image when victim accesses their online banking account.