Google Chrome, Microsoft Edge flaw leaves billions open to attack



Billions of internet users are exposed to the threat of cyberattacks as a result of a security flaw in Chromium-based web browsers, including Google Chrome and Microsoft Edge, on Windows, Mac and Android.

Gal Weizman, a security researcher at PerimeterX, has disclosed a flaw that could let hackers bypass the Content Security Policy (CSP) of various websites.

Malicious code insertion

Bypassing CSP means that attackers can access user data and insert malicious code into websites at the browser level. Besides Chrome and Edge, the affected browsers include Brave, Opera and Vivaldi on most operating systems.

In a blog post, Weizman explained that the flaw allows hackers to "completely violate CSP rules in Chrome versions 73 (March 2019) through 83 (July 2020)".

He said: "To better understand the magnitude of this risk: the impact on users can be huge, in the millions; Chrome has more than two billion users and more than 65% of the browser market, and some of the most popular sites on the web are at risk."

Weizman went on to explain that CSP is "the main method used by website owners to enforce data security policies to prevent the creation of harmful code on their website, so when browser usage is not eliminated, personal information is at risk."

Essentially, CSP lets site administrators specify which other domains may supply active scripts to a web page. It is an effective way to prevent cross-site scripting and other common browser-based attacks.

Top websites are at risk

Because of this flaw, users of top websites such as "Facebook, Wells Fargo, Gmail, Zoom, TikTok, Instagram, WhatsApp, Investopedia, ESPN, Roblox, Indeed, Blogger and Quora" are at risk of cyberattacks.

To take advantage of this issue, an attacker would first need to gain access to the targeted web server, then modify the page's JavaScript and insert malicious code.

Weizman added: "With the exception of the above-mentioned sites (representing more than 2.5 billion users), it is safe to estimate that thousands of websites across all industries, including e-commerce, banks, telecommunications, government and services, remain unsafe against hackers inserting malicious code into them."

What to do

The flaw is fixed in Chromium 84, released July 14. If you haven't updated your Chromium-based browser since then, do it now.


Click the menu icon at the top right of your browser window, then scroll to the Help section and scroll up, then select About from the slide-out menu. (Some browsers have About as an independent section.) This will prompt your browser to update itself.

In addition to Brave, Chrome, Edge, Opera and Vivaldi, other Chromium-based browsers include Amazon Silk and Yandex browser.
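For administrators who want to see which clients are still on an affected build, the following added example (not from the original article or from PerimeterX) sorts User-Agent strings by Chromium major version against the 73 to 83 range quoted above. The function names and sample User-Agent strings are constructed for illustration; User-Agent values are supplied by the client, so the result is a triage hint rather than proof of the installed version.

```python
import re

# Range as stated in the article: Chrome 73 through 83 affected, fixed in 84.
FIRST_AFFECTED, LAST_AFFECTED = 73, 83

_CHROME = re.compile(r"\bChrome/(\d+)\.")
# Tokens showing the engine is not Chromium even if "Chrome/" appears:
# legacy EdgeHTML ("Edge/") and iOS browsers ("CriOS/", "EdgiOS/") on WebKit.
_NOT_CHROMIUM = re.compile(r"\b(?:Edge|CriOS|EdgiOS)/")


def chromium_status(user_agent):
    """Classify one UA string: affected, patched, older or not-chromium."""
    if _NOT_CHROMIUM.search(user_agent):
        return "not-chromium"
    match = _CHROME.search(user_agent)
    if match is None:
        return "not-chromium"
    major = int(match.group(1))
    if major < FIRST_AFFECTED:
        return "older"  # outside the range the article gives, still outdated
    return "affected" if major <= LAST_AFFECTED else "patched"


def summarize(user_agents):
    """Count how many UA strings fall into each status."""
    counts = {}
    for ua in user_agents:
        status = chromium_status(ua)
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample input (not taken from any real log).
_WK = "AppleWebKit/537.36 (KHTML, like Gecko)"
SAMPLE_UAS = [
    f"Mozilla/5.0 (Windows NT 10.0; Win64; x64) {_WK} Chrome/83.0.4103.116 Safari/537.36",
    f"Mozilla/5.0 (Windows NT 10.0; Win64; x64) {_WK} Chrome/84.0.4147.89 Safari/537.36 Edg/84.0.522.40",
    f"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) {_WK} Chrome/81.0.4044.138 Safari/537.36 OPR/68.0.3618.125",
    f"Mozilla/5.0 (Windows NT 10.0; Win64; x64) {_WK} Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363",
    "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0",
    f"Mozilla/5.0 (Linux; Android 9; Pixel 3) {_WK} Chrome/72.0.3626.121 Mobile Safari/537.36",
]

if __name__ == "__main__":
    for ua in SAMPLE_UAS:
        print(f"{chromium_status(ua):13} {ua}")
    print(summarize(SAMPLE_UAS))
```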

"It's important that we make it as difficult as possible for hackers to get into our accounts or steal our information," Jake Moore, an ESET security expert, told Tom's Guide. "Like most robberies, criminals will target those who are safe or unaware first because it is very easy to hit that hanging fruit."

"Using different and strong passwords and making sure your browser is up to date can help reduce many attacks like this," Moore said. "Protecting yourself with a unique password builder will make all your accounts very difficult for hackers to forcibly enter."



