Chrome - NEWS POLITE

Google Chrome Safe Browsing Feature Updated With Real-Time Privacy-Preserving URL Protection

Google Chrome offers users a Safe Browsing feature that checks for malicious URLs before loading web pages, and the search giant has now given it a major upgrade — a privacy-preserving real-time link scanning mechanism that checks an encrypted version of links that a user is visiting via an independently operated server. While the company claims that the ‘standard’ version of the browser’s Safe Browsing feature is much more effective at detecting threats, the ‘enhanced’ version will still be more effective against specific threats.

The company stated in a blog post that it was upgrading the standard version of the Safe Browsing feature with a real-time protection protocol that it claims is much more effective at protecting users from unsafe sites. Until now, the standard Safe Browsing mode would check for malicious websites from a list that was regularly downloaded onto a user’s smartphone or computer — the upgrade will now allow Google to check for dangerous URLs via a third-party server.

Google says that when you visit a website, Chrome will check the locally stored list of websites for malicious URLs, following up with a real-time check if it is not in the database. In order to do so, the browser hashes the URL, truncates them into smaller prefixes, and encrypts them before sending them to a third-party ‘privacy’ server operated by Fastly.

This third-party server will strip away potential user information, mixing the requests with those of other users, and send them to the Safe Browsing server. Google will then check the truncated prefixes with its server-side database — if a match is found, Google checks the full hash of the original URL against the unsafe URL hash and shows a warning if they match.

The upgraded ‘standard’ Safe Browsing mode with real-time checks
Photo Credit: Google

According to the company, one of the advantages of the real-time, privacy-preserving Safe Browsing is that unsafe sites can be blocked as soon as they are detected. Another benefit of the server-side scanning for malicious URLs is that the list of unsafe sites can be much larger than the one that is stored on a user’s device.

The upgrade to the standard Safe Browsing mode is now available to users on Chrome for iOS and Chrome for Windows, macOS, and Linux computers. Google says that it will roll out to users on Android over the coming weeks. Meanwhile, users who want even more AI-based protection from malicious URLs, as well as Chrome extension and file scanning can opt for the enhanced version of the Safe Browsing feature, according to the company.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Google Chrome Update Fixes High-Severity Zero-Day Vulnerability That Was Actively Exploited

Google is rolling out a security patch for its Chrome web browser that fixes a security flaw that could allow a malicious user to run dangerous code on a user’s computer. The update is available for Windows, macOS, and Linux computers and users should install the latest version in order to remain protected from the zero-day vulnerability — the sixth one to be patched by Google this year. The company is expected to provide more information once the update has been rolled out to several users.

Spotted by Android Central, the update to Google Chrome 119.0.6045.199 for macOS and Linux began rolling out to users earlier this week, alongside version 119.0.6045.200 for Windows computers with a fix for a zero-day vulnerability in tow. These are flaws that were previously unknown to the developers of the software, making them a target for malicious users.

With the latest Google Chrome update, the company has patched the security bug tracked by the National Institute of Standards and Technology (NIST) as CVE-2023-6345. While the company hasn’t revealed a great deal of information related to the security flaw, the firm says it knows that “an exploit for CVE-2023-6345 exists in the wild” in its release notes for the latest update. Users should enable automatic updates for Chrome or manually update to the latest versions in order to get the latest fixes.

Meanwhile, the entry for the vulnerability on the NIST website has been assigned a “High” severity level. The description states that it is related to the open source Skia library that is used in Google Chrome. An attacker could use a malicious file to compromise the renderer process and escape the sandbox — a system designed to separate the browser and the system, to keep the latter protected.

The company credits Benoît Sevens and Clément Lecigne from its Threat Analysis Group (TAG) with discovering the vulnerability that was found on November 24 and swiftly patched by the company. At the moment, it is unclear whether other browsers and applications that are also based on Google’s open-source Chromium browser project are also affected by the flaw, or when they will receive updates with security patches.

Affiliate links may be automatically generated – see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Nothing Phone 2 Price in India Gets a Permanent Price Cut; Now Starts at Rs. 39,999

UN to Educate Over 22,000 Staff Members on Blockchain, Web3: Here’s Why

Check out our Latest News and Follow us at Facebook

Original Source

Fake Google Chrome, Safari Updates Infecting Mac Computers With AMOS Malware

Fake Google Chrome and Safari updates for macOS are being used to infect Mac computers with the nefarious Atomic Stealer malware, also known as AMOS. Distributed to Mac owners as part of a social engineering campaign, AMOS can steal passwords, private files stored on a Mac. Users will need to stay alert and possibly use web protection tools in order to protect themselves from malware distributed by social engineering, as malware creators appear to be turning their attention to Mac owners.

Security firm Malwarebytes shared details of the latest version of Atomic Stealer, malware that is distributed to macOS users via ClearFake, a campaign that uses hijacked WordPress websites to deliver fake browser updates for Chrome and Safari. The distribution of AMOS via ClearFake to macOS users was recently spotted by Ankit Anubhav, a security researcher.

The fake Google Chrome update page shown to users
Photo Credit: Malwarebytes

The malware is distributed via hijacked sites that closely resemble the Google Chrome download page, and a fake Safari update page that uses outdated icons from older macOS versions. However, the rest of the webpage design might convince some users to click and download the malware, while the fake Chrome download looks more convincing.

When the user clicks the download button, the malicious .dmg file is then downloaded to the Mac computer, disguised as a browser installer. Once it downloaded and opened, the user is prompted to enter the administrator password that will run nefarious commands on the device, including stealing passwords from Apple’s Keychain and exfiltrate document, images, wallets and other data from the user’s desktop and documents folders on macOS.

In order to stay protected from the malware, users will have to make sure they use some form of web protection — such as the Safe Browsing setting inside Google Chrome. Doing so might block some of these malicious sites from loading altogether.

Meanwhile, users should avoid downloading installers for Chrome from unknown websites. These social engineering websites are aimed at fooling users who might find it difficult to discern which websites are genuine. A good rule of thumb is to check whether the address bar shows google.com. On the other hand, Apple does not distribute Safari updates outside of operating system updates, so there are no official downloads that can be installed by users.

Affiliate links may be automatically generated – see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Redmi K70E With MediaTek Dimensity 8300 Ultra SoC Officially Teased; Key Specifications, Design Surface Online

Check out our Latest News and Follow us at Facebook

Original Source

Google Chrome Resumes Transition to Manifest V3 That Will Cripple Ad Blockers in 2024

Google Chrome will complete its transition to its Manifest V3 extension specification in 2024, the company recently announced via a blog post. The switch to Chrome’s Manifest V3 from the previous version is expected to severely limit the functionality of extensions on the world’s most widely used web browser — including several popular ad blockers. Google’s changes are expected to affect several other browsers that also rely on the Chromium engine, while Firefox and Safari are unlikely to be affected.

The search giant recently published a blog post with an updated timeline for transitioning to Manifest V3 for Google Chrome. Google’s updates to the specification will change how ad blocking extensions interact with the browser while also adding limitations on how much access they have to the browser and how they function on a user’s computer — some of these changes have been made to improve user security, according to Google.

The company was expected to drop support for Manifest V2 and complete the transition process last year, but faced intense pushback from privacy groups, developers, and users who rely on extensions that would be hindered by the move. More recently, YouTube began a global crackdown on ad blockers that prevents users with ad blockers from viewing videos on the platform, while raising the price of its ad-free YouTube Premium subscription in seven countries.

Google says it has made some changes to Manifest V3 that accommodate some of the changes requested by groups that are opposed to the upcoming changes to the extension specification that would affect ad blockers. These include scaling back restrictions on the Declarative Net Request API and improving support for content filtering — functionality offered by ad blockers.

While Google has made some accommodations for ad blockers that have allowed some developers to create addons that can offer similar functionality as Manifest V2 extensions, an Electronic Frontier Foundation staffer told The Verge that Chrome’s Manifest V3 limits developers of extensions and that everyone would end up relying on Google to update its API to be able to block advertisers and trackers via extensions.

As per Google’s updated timeline, extensions that support Manifest V2 will be disabled on three Chrome channels in June 2024 — Canary, Dev, and Beta. These changes will be introduced with Chrome 127 and later. Users won’t be able to install older Manifest V2 extensions (these will lose their Featured badge) and existing ones will be disabled on the browser, according to the search giant.

There’s no concrete timeline on when these changes will arrive on the stable update channel, where it will affect the largest number of Chrome users. Google says it expects the process of observing and stabilising the changes to take “at least a month”. Meanwhile, Google has urged extension developers to complete the process of migration to Manifest V3 before June 2024.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Google Chrome Gets Material You Redesign, New Security Features: Details

Google Chrome is getting a fresh coat of paint for its 15th birthday. The world’s most widely used browser is also getting new features aimed at improving user security. The app has received a new Material You-themed redesign that brings customisable colour palettes, a redesigned Chrome Web Store with AI-powered extensions, and improved Safe Browsing that will automatically flag dangerous sites and files. Additionally, Google will also make web surfing easier by allowing users to pin the Google Search side panel to the toolbar.

In a recent blog post, Google announced that Chrome will get a desktop redesign in the near future. The update will bring refreshed icons with improved legibility and new customisable colour palettes that sync with open tabs and the toolbar. These new themes and colour palettes will help users differentiate between profiles at a glance, according to the tech giant. Additionally, Google will add a more comprehensive menu offering easy access to Chrome extensions.

The Chrome Web Store has also been redesigned as part of the latest update. Users will see new a section for extensions that are powered by artificial intelligence. Google has also added a section for Editors’ spotlight picks.

Furthermore, Google is also introducing new search features that will make web surfing easier for users. The update will make it easier to find related searches, access a page’s source, or start another search via the Google Search side panel. This can be accessed by tapping on three-dot menu. Users can even pin the Google Search side panel in the toolbar.

Chrome is also getting an important security upgrade that will allow the browser to automatically flag unsafe pages or files. Until now, Chrome used to check every site visited by users every 30-60 minutes. However, with the new security update, every webpage will be checked and flagged to users in real time — to protect users from dangerous websites that exist for a short period of time. Google claims that this change will improve the protection against malware and phishing threats by 25 percent, compared to the previous version of Safe Browsing.

Affiliate links may be automatically generated – see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Reliance Partners With Nvidia to Develop AI Language Models, Generative Apps

Check out our Latest News and Follow us at Facebook

Original Source

Google Chrome Rolls Out Support for ‘Privacy Sandbox’ Ad Platform Aimed at Replacing Third-Party Cookies

Google Chrome is making a new ad platform available to most users via its ‘Privacy Sandbox’, the company announced on Thursday. The search giant previously announced that it plans to phase out support for third party cookies that are used to track people as they browse the web. Instead, the company has built a browser-based advertising mechanism that can track you without cookies, previously called the Federated Learning of Cohorts (FLoC). Chrome users will be informed about the new “ad privacy feature” when the ad platform is enabled on their browser.

In a blog post, Google revealed that the ad topics feature that is part of the Privacy Sandbox feature — previously available to beta testers — has now reached “general availability” on Chrome. Google says it has worked with publishers, developers, adtech providers, and consumers to develop the new system that will eventually replace the use of third-party cookies on Google’s browser.

A screenshot of the ad platform controls found under Chrome’s privacy settings

Once the Privacy Sandbox platform rolls out to you on Chrome, you will be presented with a popup that informs you about the new tracking mechanism. Some users have reported seeing a “Turn on” button suggesting that the feature is opt-in, while others have shared screenshots of the same prompt with a “Got it” button that suggests the feature may have to be manually disabled. You can do this by visiting the Chrome settings section and clicking on Privacy and Security > Ad privacy to modify your settings.

When enabled, Google’s new tracking mechanism will make a list of “ad topics”, by studying your browsing history. These ad topics are then shared with a website when it wants to show you targeted ads, which means that you will see ads based on your browsing history.

According to the company, Google Chrome will drop support for third party cookies for one percent of all users in Q1 2024. The company says that the “countdown to the planned deprecation of third-party cookies is in full effect.”

If this sounds like an equally bad method of tracking users across the Internet as third party cookies, then you might want to consider switching to Apple’s Safari browser, or the open source Firefox browser from Mozilla. Unlike Chrome and many Chromium-based browsers, both Firefox and Safari block third-party cookies and do not include support for the Privacy Sandbox. iCloud+ and Apple One subscribers can also use Private Relay feature to hide their IP address from websites and trackers.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Google Chrome Updated With Fingerprint Lock for Incognito Tabs on Android: How It Works

Google Chrome’s Incognito Mode is set to get more private on Android. A new feature is rolling out to users on Android phones that will automatically lock Incognito tabs on Google Chrome when the browser is exited. Users will be able to unlock them using biometric authentication, using the fingerprint scanner on their smartphone. The feature is currently rolling out for Android users, however, not all users will have access to the feature. The biometric lock feature for Incognito tabs was first introduced on iOS devices in 2021 and is now making its way to Android users.

The rollout of the Google Chrome feature was announced by the company via a blog post, and the company says that Android users will require biometric authentication to reopen their Incognito tabs after they close and reopen the app. This means no one except the device’s owner will be able to access the Incognito session. The feature is rolling out to Chrome users on Android, according to the company. It is worth noting that this feature is not enabled by default and users will have to enable the functionality in Chrome’s Settings menu.

To enable this new privacy feature, users can access Chrome’s settings menu, then click on Privacy & Security and enable Lock incognito tabs when they close Chrome. Once done, the feature will be enabled and the users will need to “unlock” their Incognito tabs using the phone’s fingerprint scanner. Also, enabling or disabling this feature requires users to provide verification, such as their device PIN or pattern. Google first introduced the fingerprint lock feature for Incognito tabs on iOS devices in 2021.

Meanwhile, Google has shared five ways to offer a safe browsing experience ahead of Data Privacy Day which is celebrated on January 28. The features include the ability to delete the browser’s history including history, cookies and cache, from a specific time or altogether, using Chrome’s password manager on Android, iOS and desktop to remember and automatically fill passwords on their devices.

Google is also reportedly working on a newly redesigned menu that will have a new toggle to block all unwanted extensions at once. The new toggle will disable extensions and block potentially malicious extensions. Microsoft Edge, too, has a similar “pause extensions on this site” feature. The new feature is currently under development and is seen in Chrome Canary. However, it doesn’t work at the moment, and just turns on and off and doesn’t show the installed extensions as well, as per the report.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Google Password Manager Gets Passkey Support for Android, Chrome

Google announced on Wednesday that the developers can now test Google Password Manager’s passkey support on Android and Chrome. Passkeys are designed as a safer alternative to passwords and traditional two-factor authentication methods. Google claims that passkeys cannot be reused, won’t leak in server breaches, and protect users from phishing attacks. Since passkeys have been developed using industry standards, they will offer a uniform user experience across Windows, macOS and iOS, and ChromeOS. The company expects to release a stable version of this feature later this year.

As mentioned earlier, Google has revealed that passkeys on Android and Chrome are currently only available to developers via Google Play Services beta and Chrome Canary. Normal users are expected to get this feature by the end of 2022.

Passkeys in the Google Password Manager are designed to work on different operating systems and browser ecosystems. They are compatible with both websites and applications, and feature a similar interface as to password autofill.

For end-users, passkeys will appear similar to using a password today. Furthermore, passkeys will always be end-to-end encrypted. Users will have to set up a screen lock via fingerprint, face, PIN, or pattern to prevent others from using passkeys even if they have access to a smartphone.

Passkeys will then be backed up and synced through the cloud to prevent users from getting locked out if they lose their devices. Recovering a passkey would require users to enter the screen PIN, password, or pattern of another device with access to the passkey encryption.

Google claims that the screen lock PINs, passwords, or patterns for the passkeys will be stored in secure hardware enclaves. However, Google or any other entity will not be able to read this data. If a malicious user fails to enter the correct information 10 or more times, the passkey will become unusable. However, the original user will still be able to recover it using an existing device.

The company has promised to deliver even more updates to Android in 2023 and plans to allow third-party authenticators to support passkeys.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Chrome for Windows, Mac, Linux Updates With 4 High-Risk Vulnerability Fixes

Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. The new release fixes a total of seven security vulnerabilities — of which, four are marked highly severe. The update is rolling out to desktop users across Windows, macOS and Linux platforms over the coming days. India’s Computer Emergency Response Team (CERT-In) and the United States Cybersecurity and Infrastructure Agency (CISA) have urged users to install the latest Chrome release on their systems to prevent the reported issues.

The four security issues that are rated with high severity are tracked as CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, and CVE-2022-2011, as Google explained in a blog post.

The vulnerability that is tracked as CVE-2022-2007 is a Use-After-Free (UAF) vulnerability, which exists in the WebGPU to API and allows attackers to hack by exploiting incorrect use of dynamic memory. The CVE-2022-2008 flaw, on the other hand, results in out-of-bounds memory access in WebGL.

Chrome’s compositing component is also found to have the CVE-2022-2010 issue, which is an out-of-bounds read vulnerability. The last high-risk vulnerability, CVE-2022-2011, is a use after free flaw in ANGLE engine abstraction layer.

Although Google has detailed the four highly severe issues, it has not provided public access to the details as a large number of users are yet to bring the fix.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” the company said.

In response to the public disclosure from Google, CERT-In has released a vulnerability note to urge users to install the latest update.

“Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the targeted system,” the advisory by the nodal agency said.

The CISA has also encouraged users and administrators to apply the update on their systems.

Users can check for the latest release on their Windows, Mac, and Linux systems by going to Chrome > About Google Chrome. The update can also be installed by clicking on the three-dot button from the right-most corner and then Help > About Google Chrome.

Check out our Latest News and Follow us at Facebook

Original Source

Google Chrome’s New Machine Learning Model to Silence Undesired Notification Permission Prompts

Google Chrome will soon get a new machine learning (ML) model that will automatically silence notification permission prompts that are not/ less likely to get approval. Google says that this model is a part of an expansion of its ML capabilities which it uses in various other services, including filtering out spam emails. The Mountain View, California-based company claims that the move will further improve the browsing experience, and since the model will run on-device, the user data stays private.

Google explains in a blog post that the new ML model will change how people interact with web notifications. While some notifications help deliver updates from your favourite website sites, others distract you with notification permission prompts. The new model on Google Chrome is said to “predict when permission prompts are unlikely to be granted based on how the user previously interacted with similar permission prompts,” and it automatically silences such undesired prompts.

Google says that the model will be launched in the next release of Chrome. The feature was previously reported wherein it was discussed that a code change will let Chrome take back a website’s right to send notifications. Additionally, this prediction-making will be done entirely on-device. This means that the user data will not be sent to Google servers and it stays private on the device. Earlier this year, Chrome got a new ML model that is claimed to identify 2.5 times more potentially malicious sites and phishing attacks as the previous model.

Google also says that in the near future, it will also be using ML to adjust the Chrome toolbar in real-time highlighting the action that’s most useful in particular scenarios. For example, when you are reading news the toolbar may show action including share link and voice search. These actions can be customised manually as well.

The third is using an updated ML model that works with Journeys in translating the pages on Google Chrome. With the Journeys feature, users can pick up their search journey from where they left off and arrange visited pages based on their topic or category. The updated model now automatically figures out whether the page you visited before needs a translation to match your preferences.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Poco Smartphone Spotted on Mi Code, Said to Be Rebranded Redmi Note 10S: Report

After PhonePe, Paytm Starts Taking Surcharge on Mobile Recharges

Check out our Latest News and Follow us at Facebook

Original Source

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.