Security News

"In particular, the page can know which section of text was found using find-in-page, fragment navigation, and scroll-to-text navigation," the documentation says, adding that developers could also glean information about what the user navigated to - via scroll-to-text navigation, or typed into a find-in-page search box - based on which section of the page receives an event. The privacy risk of beforematch is not that of key logging - recording exactly what a web page user typed into a search dialog.

After delays to Chrome version 81 in March, and the scrapping of version 82 a month later, this week sees the early arrival of Chrome 83 with a longer list of new security features than originally planned. First, it's not turned on by default, and might not even be visible under Settings > Privacy and security > Advanced.

Google this week released Chrome 83 to the stable channel with patches for a total of 38 vulnerabilities, with improved Safe Browsing protection, and updated privacy and security controls. The newly introduced Enhanced Safe Browsing protection in Chrome is meant to provide users with a more advanced level of security while browsing the web, by increasing protection from dangerous websites and downloads.

Google has released version 83 of it's popular Chrome web browser, which includes new security and privacy features and fixes for security issues. The enhanced Safe Browsing mode will allow users to get a more personalized protection against malicious sites.

Google deleted 49 malicious Chrome extensions from the Chrome Web Store in mid-April after Harry Denley, director of security at MyCrypto, found them phishing cryptocurrency users. The extensions impersonate Chrome extensions for legitimate cryptocurrency wallets, but when installed they pilfer the users' private keys and other secrets used to access digital wallets so that their authors can steal victims' funds.

Three weeks after Google removed 49 Chrome extensions from its browser's software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted - and some are still available to download. The dodgy add-ons masquerade as legit crypto-wallet extensions, and invite people to type in their credentials to access their digital money, but are totally unofficial, and designed to siphon off those login details to crooks. Denley provided The Register with a list of extension identifiers, previously reported to Google, and we were able to find some still available in the Chrome Web Store at time of writing.

Developers use a number of ways to breed extensions like a bunch of spam bunnies in Google's Chrome Web Store, which is the biggest extension catalog online. User Ratings, Reviews, and Installs: Developers are forbidden from manipulating their extensions' placement in the Chrome Web Store by doing things like cooking up bogus downloads, reviews or ratings.

With Google Chrome being by far the most widely used web browser, Google must constantly tweak protections, rules and policies to keep malicious, unhelpful and otherwise potentially unwanted extensions out of the Chrome Web Store. The latest change of that kind has been announced for August 27th 2020, when Google plans to boot from the CWS "Low-quality and misleading" Chrome extensions.

Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don't spam users with extensions that have similar functionality. The Chrome Web Store has been available since 2011, offering a total of more than 200.000 browser extensions that allow users to easily customize their browsing experience in Chrome.

We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!