Security News
Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting. Open Source Insights is a Google Cloud Platform-hosted tool that's accessible via a website into which users can enter the name of specific open source packages and get an overview of how they are put together.
Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group to collaborate on standardizing browser extensions to enhance both security and performance. "With multiple browsers adopting a broadly compatible model for extensions in the last few years, the WECG is excited to explore how browser vendors and other interested parties can work together to advance a common browser extension platform," the browser vendors said.
Google is tightening its privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The Google Advertising ID, analogous to Apple's IDFA, is a unique device identifier that can be used by app developers to track users as they move between apps to target ads better and measure the effectiveness of marketing campaigns.
Google has announced a new experimental Abuse Research Grants Program for abuse-related tactics and product issues outside the scope of existing Vulnerability Research Grants and the Vulnerability Reward Program. Grant amounts for the new Abuse Research Grants Program will vary from $500 up to $3,133.
Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. Currently, 75% of all add-ons on the platform are compliant, the company pointed out, adding "Any extensions built by a developer who follows the Chrome Web Store Developer Program Policies, will be considered trusted by Enhanced Safe Browsing."
Google has built an online tool that maps out all the dependencies in millions of open-source software libraries and flags up any unpatched vulnerabilities. "It then constructs a full dependency graph - transitively tracking dependencies, dependencies' dependencies, and so on - and incorporates the metadata, then publishes it so you can see how it all might affect your software. And the information it provides is continually updated."
This time around, the Google PPC ads targeted specific IP ranges in the U.S. and "Probably some other countries," researchers wrote. Google says that it uses proprietary technology and malware detection tools to "Regularly scan all creatives", that it forbids ads when they try to call fourth parties or sub-syndication to uncertified advertisers, that it pulls ads distributing malware, and that authorized buyers whose ads are found to contain malware are placed on a minimum three-month suspension.
Google has added new protection capabilities for Enhanced Safe Browsing users in Chrome, warning them when installing untrusted extensions and allowing them to request more in-depth scans of downloaded files. The Safe Browsing feature, available in Google Chrome since 2007, warns you of dangerous events when visiting malicious websites by checking URLs against a list of unsafe sites stored within Chrome.
Google has made it possible for you to password protect your search history within your cloud account. Did you know anyone could walk up to your computer and view your Google search history? Anything you have searched for in Google is visible.
Egnyte announced new integrations with Google Workspace and Dropbox to help companies secure and govern their sensitive cloud content. The integrations enable companies' Google and Dropbox users to apply Egnyte's platform to locate their valuable content in each cloud solution and control risks via a unified, turnkey approach.