Category Archives: Chrome

The Chrome browser is a suite of software owned by Google and because nothing is secure on the Internet, it is the subject of numerous hacks, ID thefts and passwords.

Zero-day flaw discovered on Google's Chrome browser

According to online media outlet 20 Minutes, Google's chrome browser is hit by a Type 0 day security breach.

According to the same media, this vulnerability is already being exploited by hackers. Apparently, the security flaw is related to a memory corruption problem in the Google Chrome font library. The good news for browser users, a correction update.

This article will also interest you: Chrome users exposed to espionage

So far little information has leaked about the security flaw. Google wanted to keep a low profile on the subject for now. All she mentioned as details was that the vulnerability particularly affects the FreeType font library. Program available in the standard version of the American giant browser.

According to rumors, the security flaw, would already be actively used by hackers to carry out several attacks. Incidents that would have been detected by researchers who specialize in finding vulnerabilities in Google's Project Zero.

In other words, browser users are clearly exposed as indicated by the online media. As for the correction update, the Mountain View firm does not give enough details. Nor can it know what types of computer attacks could have been initiated through the security vulnerability. Clearly, little information has been provided about the security breach by the American giant. Which seems on the one hand that this silence of Google is certainly aimed at not providing sufficient details to hackers who generally remain tuned, until the total effective deployment of the security update. This can be seen as a precautionary measure designed to best protect users.

Google's decision not to expose the entire security flaw is wise enough in some respects. Indeed, the police library that is affected by this vulnerability is an open source program. Especially since, the security patch deployed when it is applied is clearly visible on the program's own source code. In other words, he recommended that your Chrome browser be updated as happily as possible, if you are a user.

Another important point to raise about this security flaw is that it certainly doesn't affect Google Chrome alone. Indeed, the police library concerned in our case being an open source program, used on other computer program and application. As a result, the Google researcher issued an alert to publishers who use it in their service, while offering an update for their platform.

For the Chrome update, you can go directly via the PlayStore or just do it through the app. "Just click on the three small dots at the top right of the window, then go to Help and finally About Google Chrome. You'll see if your browser is up to date or not. The version containing the fix of the flaw discovered this week is the v. 86.0.4240.111. advises Nathan Le Gohlisse.

Now access an unlimited number of passwords:

Check out our hacking software

Chrome users exposed to espionage

Researchers at Awake Security told the Reuters news agency that they had discovered a spying program on Google Chrome's browser.

This malware currently affects more than 32 million downloads of Chrome-related extensions.

Unfortunately this is not a completely new problem because it is recurrent, especially in this sector. And this is not the kind of thing that pleases security experts. Indeed the problem is quite logical and frustrating, when we know that browsers are used for virtually any service, in the majority presents an undeniable risk to privacy as well as the confidentiality of connections. The secure (navigator) then becomes an almost impossible mission.

Thanks to a recent analysis, researchers at Awake Security have shed light on new software that poses a risk to users' privacy and privacy. A spying program, which targets millions of users, according to what was reported by the Reuters news agency. We are talking at this level of 32 million downloads that would be infected by this spyware. Even the extensions available on Google's official store are also affected by this corruption. The Mountain View giant said last month it had removed more than 72 of its malicious extensions. But beyond that, an analysis showed that using extensions on its browser slowed it down considerably. "When we were alerted to extensions of our web store violating our policy, we took action and used these incidents as training materials to improve our automated and manual analysis," Scott Westover, spokesman for Awake Security, told Reuters.

The paradox in this story is that the majority of extensions that are pointed out as being the one that houses this malware, are usually products used by users to protect them from malicious websites. Another part of her tools and she used to convert file formats.

One of the features of this spyware according to the cybersecurity company, will be the collection of navigation data such as historical, as well as access to internal tools, to surely allow cyber criminals to carry out certain actions including malicious purposes.

According to Scott Westover, this spread of this software presents itself as the largest wave of espionage by downloading extension. Analysts have shown that a large proportion of chrome users have passed on personal information without their knowledge, only by visiting corrupted websites. But on the other hand, corporate networks seem to have sufficiently resisted this wave of espionage, thanks in particular to their security service, that they have managed to prevent the exfiltration of their data to external servers, for example by preventing access to malicious websites. In all cases, individuals are less protected than businesses in this kind of context. With the negligence of ordinary users, it is not uncommon to see these kinds of vulnerabilities spread.

In addition. Google has recently developed new features in its browser to make its use more secure. It is therefore recommended not to miss the recent updates available.

The domain names affected by this espionage problem are according to the cybersecurity company numbering 15,000, each having a connection with the other. They are believed to belong to an Israeli firm called Galcomm, still known in the field as CommuniGal Communication. When questioned by the Reuters news agency, the Israeli company denied: "Being involved or complicit in malicious activity. ». Gary Golomb, the founders of Awake Security, noted in this context: "This shows how hackers can use extremely simple methods to hide, in this case, thousands of malicious domains."

For now, investigations continue to find hackers behind this wave of cybercrime. The hackers, who could have initiated have not yet been determined. Apart from that, it would seem that, wave games of corruption extensions hides another malicious activity not disclosed at the moment.

Now access an unlimited number of passwords:

Check out our hacking software

Google removes 500 malicious extensions from its Chrome Web Store

Recently it was discovered a set of extensions that pushed users to malicious sites while injecting unwanted advertising.

There have been 500 such extensions. Google then caught on him from them remove from its official online store.

Its malicious extensions were discovered by IT security specialist Jamila Kaya and her Duo Security team at Cisco. The investigation that concluded with this discovery lasted more than 2 months.

This article will also interest you: Google Chrome: Google's vulnerable browser

How it works so these malwares. According to the specialist, the extensions injected advertising malicious when users were opening browsing sessions. and once the conditions for activation have been met, malicious acts the user was automatically written to certain sites. Internet. In some cases, cases, they were sent to websites such as The Act, Dell or BestBuy, in other cases, if not the majority, it was to software download sites they were sent. So to speak a coup classic phishing.

According to the report of the experts who discovered the these extensions were not there by chance. It was actually a malware network as part of a very large operation that had been running for at least two years. According to the team, the pirates the basis of this would be active since 2010.

According to researcher Jamila Kaya, millions of users would have been victims of this superch on a large scale. It's following a routine search that she came across the extensions and their illicit activities. "Individually, I identified more than a dozen extensions that shared the same model (…) I have contacted Duo, and we were able to quickly identify them through the CRXcavator data and discover the entire network." According to the Duo team, extensions that were discovered from the beginning had actually affected about 1.7 million people using Google Chrome. "Then we shared our findings with Google, which was receptive and collaborated elimination of extensions," explains Jamila Kaya.

Immediately after the researchers' discoveries, Google also conducted internal investigations, resulting in detecting all extensions following the same model. What happened ended with the banning of 500 malicious extensions in total. However, even if it is not known exactly how many are in circulation, it is very likely that the number could reach millions. The search is therefore ongoing.

It should then be noted that this is not the first malicious extension network discovered on chrome. And there are many more. That's why he asked users to always be vigilant. "The list of affected extensions is included in the Duo report. When Google banned extensions from the official store, it also disabled them in each user's browsers, while marking the extension as "malicious" so users would know it should be removed, not reactivated. notes the experts of the Duo team.

Now access an unlimited number of passwords:

Check out our hacking software

Google Chrome: Google's vulnerable browser

The American giant Google, has just discovered that its "Chrome" far browser had two critical security flaws.

Its flaws were detected earlier this week, but some argue that it was discovered rather. In addition, these vulnerabilities would be very actively used by hackers to gain control of infected terminals. It is therefore in a hurry that Google recommends to all actors using Chrome, to update it as soon as possible, if not their browser at the risk of putting the personal data naked.

This article will also interest you: A group of Asian hackers is using a Chrome extension to corrupt the systems of its victims

The discovered and 0-day type flaw. Earlier this week, the US giant announced on its official website that it had become aware of two vulnerabilities. they were discovered by cybersecurity researchers from the Russian company Kaspersky. discovered vulnerabilities allow hackers to grant themselves administrator privileges and also control the PC remotely. In other words it will be possible for the hacker to control your computer remotely without you even realizing it. "An attacker could install programs, view, edit or delete data; or create new accounts with full user rights," said the Center for Internet Security.

And this is possible if by bad luck you visit a page corrupted web. Google what does this technique mean to be used now? by several hackers.

For the time being, the American company has preferred not to divulge too much more technical information about the various flaws until users of its browser have yet to protect themselves "Access to the details of the flaws is restricted until a majority of users were able to install the update with a fix" explains Google in the report it publishes.

in any due diligence Google has deployed a security patch to plug the two safety branches. As a result, we listen massive users to install the security fix 78.0.3904.87 as soon as they can on different media such as Windows Linux or Mac. Users are even advised to consider activating the update automatic: "About Google Chrome" later check "Update Chrome automatically for all users.

as a reminder we can count the third time in less than 6 months that the American company, discovers a flaw. that's why it's asking its users to update its software to fill a security gap. moreover, it has not been mentioned anywhere that these security vulnerabilities Discovered, there is nothing to do with those discovered previously during the month of January or that of March that were so well filled by the Mountain View firm.

Now access an unlimited number of passwords:

Check out our hacking software

Google accused by Brave of misappropriation of personal data for advertising purposes

the Chrome's competitor, the Brave browser, accused Google of creating a system to collect certain data without users' knowledge Personal.

According to the competing browser, Google would create so-called "Push Pages." These pages allow to produce unique identifiers that are attached to each user and that will allow them to be tracked on the internet. Brave's accusation is understandable when you consider that the browser's management has always had a head on the list since 2016 to compete with US giant Google.

This article may also be of interest to you: Google and YouTube, fined $170 million for failing to protect personal data related to children

also since September 4 the browser claims that Google is violating the regulations European Commission on Personal Data, the RGPD. For him, some Google's obligations regarding the collection and treatment of Google personal data is not respected by the latter. And that it's up to through its "push pages" mechanism, "by which Google invites several companies to share a person's profile identifiers when they load a web page." Brave argues that "all the companies that Google invites you to access a Push Page receive the same ID for the person profiled (…) Each Push Page is distinguished by a code of nearly 2,000 characters, which Google adds at the end to uniquely identify the person on whom Google shares information. This, combined with other cookies provided by Google, allows companies to identify 'pseudonymously' the person in circumstances where it would not be otherwise possible."

one knows that, in 2018 precisely on September 5, in a press release, the giant U.S. Google had a fact but they have to don't sell the data users' personal services to companies for advertising purposes. However, the downside in this statement is that Google had mentioned that it allowed its advertisers to advertise in a way that Relevant. What could that say? His spokesman questioned by the media had even mentioned that Google: "Don't doesn't run personalized ads or share bid requests without the user's consent."

in 2018 the Brave browser mentioned in a report "Every time a person visits a site and sees it displayed on 'behavioural' advertising, intimate personal data that describes each visitor, and what he watches, are broadcast to dozens or hundreds of companies. Advertising technology companies broadcast this data on a large scale in order to solicit offers from advertisers to get the attention of the person visiting the site."

For now it is known that Google's competitor has filed a complaint with the Irish government agency responsible for protecting the flow of personal data via the web stadium equivalent to the CNIL. While waiting for the reaction of the government institution one wonders what are the foundations of the brave navigator. This would not be a first in this area when we know on which models are based on the economics of the web giants.

Now access an unlimited number of passwords:

Check out our hacking software