Latest Chrome Update Highlights Numerous Vulnerabilities

Chrome, Ophtek, Updates, zero-day, , ,
30
Aug 2022

Chrome is the most popular web browser on the market by far, but its success is no guarantee of being free from vulnerabilities as a new update shows.

No piece of software is created perfectly, so there’s always a need to update and refine applications. In particular, security vulnerabilities are one of the most common issues which software designers find themselves needing to go back and solve. And this is because threat actors will use all their resources to discover even the tiniest chink in an application’s armor. Once this has been discovered, they’re presented with the opportunity to bypass security and exploit the software.

Chrome’s latest update comes packed full of functionality upgrades, but also 11 security fixes. As it’s likely your organization regularly works with Chrome, we’re going to look at what this patch offers you.

What is Chrome’s Latest Update?

The latest update from Chrome – details of how to install it are here – delivers a variety of fixes which include:

  • A zero-day vulnerability – tagged as CVE-2022-2856 – which has allowed hackers to take advantage of a flaw in Web Intents, a process which allows web apps to connect with web services.
  • Several ‘use-after-free’ vulnerabilities, these are flaws that are usually opened when an application fails to clear its memory when used. This scenario provides a foothold to threat actors looking to breach security.
  • A heap buffer overload vulnerability relating to downloads made through Chrome, a vulnerability which allows memory corruption to open a backdoor for threat actors.

t only takes one vulnerability to compromise a PC, so the need to patch 11 vulnerabilities strikes a major blow to Chrome’s reputation. To make matters worse, this is the fifth zero-day vulnerability Chrome have had to issue in 2022. Digging deeper into the contents of the update, it also becomes apparent that ‘use-after-free’ errors are a significant problem within Chrome at present.

Is Chrome Safe to Use?

Computer Keyboard with symbolic padlock key

Chrome will continue to work even without the latest update. However, the protection at its disposal will be lacking any substantial strength. There’s a chance, of course, you won’t fall victim to a cyber-attack which exploits these flaws, but do you really want to take a chance? The sensible answer is: NO! And, although Chrome haven’t released any specific details about these latest vulnerabilities, you can bet your bottom dollar that hackers will now be focusing their attention on Chrome.

Therefore, it’s crucial you install this latest Chrome update as soon as possible. Even if your organization’s preference is, for example, to use the Edge browser, you need to update Chrome if it’s present on your PCs. This is the only way to ensure that security gaps are plugged. Naturally, there will be further vulnerabilities which remain unidentified, but you can only deal with threats which are known. Chrome, on the whole, is a reputable and safe browser, you just need to make sure that automatic updates are activated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Malicious Extension Found Being Injected into Chrome

ChromeLoader, extensions, Google Chrome, malicious extensions, Ophtek, , , ,
31
May 2022

Chrome is the world’s most popular browser and, as such, is a major target for hackers, a fact highlighted by the emergence of a malicious Chrome extension.

If you’re a Chrome user, then you will be well aware of the wide range of benefits that Chrome extensions deliver. They not only making browsing easier, but their main objective is to make you more productive e.g. automating tasks such as blocking pop-up adverts. While Chrome extensions allow you to personalize your browsing experience, they are not without risk. Privacy concerns have surrounded browser extensions for as long as they have been available, and malicious extensions have been equally concerning.

It’s more than likely that your organization uses the Chrome browser in some capacity, so let’s look at the dangers of this most recent malicious extension.

The Lowdown on ChromeLoader

With a name that does exactly what it says on the tin, the ChromeLoader extension loads itself into Chrome. It begins its journey towards Chrome in the form of an ISO file – an image copy of the contents of an optical disc – which is currently being spread through social media sites and pay-per-install sites. Within this ISO is an executable file which, when activated, installs the ChromeLoader extension into Chrome and uses Windows’ Task Scheduler application to load the extension.

At present, the malicious activity of ChromeLoader has been recorded as relatively low. Rather than stealing data or encrypting files, ChromeLoader appears more concerned with redirecting victims towards spam sites. It’s a threat level which may not appear significant but, as with all malware, there’s a potential for ChromeLoader to evolve into something more powerful. It could, for example, be used to load ransomware into a compromised PC, and that’s when your productivity really will come under attack. And, even it remains only a minor nuisance with its spam redirection, it’s still a problem your organization could do without.

How to Tackle ChromeLoader

ChromeLoader is delivered via an ISO file, and the chances of your employees needing to handle ISO files at work are slim. Therefore, it makes sense to add ISO files to your list of prohibited files that can be downloaded. If an employee does need an ISO file downloading from the internet, then they should contact your IT team to arrange this securely. Banning torrent sites, such as PirateBay, will also limit the chances an employee has to access infected ISO files, so build this into your web filters as well.

Ultimately, extensions such as ChromeLoader prey upon the naivety of the common internet user. For the average person, a Chrome extension is a useful ally, not something to be feared. However, threat actors are always keen to deliver their malicious payloads as stealthily as possible. And that’s why they try to take advantage of routes, such as Chrome extensions, which are commonly trusted by PC users. As a result, educating your staff on the potential dangers of downloading files from the internet, such as ISO files or browser add-ons, should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Google’s Password Checkup Aims to Secure Your Passwords

Ophtek, Password Security, Passwork Checkup, Security, , , , , ,
01
Dec 2020

Passwords are crucial in IT security and will remain relevant for the near future. But Google’s Password Checkup shows there’s always room for improvement. 

We all have a long list of passwords that we use to access various IT apps and services. They’re perhaps the simplest, but most effective step you can take in thwarting hackers. Without a password it’s almost impossible to gain unauthorized access to an IT system. That’s why social engineering and phishing emails have become so popular with hackers. And one of the major problems with passwords is that computer users have a tendency to recycle the same passwords for different IT systems.  

Passwords, therefore, have a number of flaws. Thankfully, Google have designed the Password Checkup app to verify the security of your passwords. 

What is Password Checkup?  

It’s difficult to keep up to date with the sheer number of passwords we use on a daily basis. The simplest way to combat this is to write all your passwords down, but this is one of the biggest password mistakes you can make. Now, instead of writing these passwords down, you can store them in your Chrome browser. As long as you’re running a Google account which is synced to your Chrome browser, you will be able to securely store your passwords. Naturally, this is useful for auto-complete password functions – although even this is risky – but the functionality doesn’t stop here. 

The most exciting and useful feature of Password Checkup is that it will automatically tell you if your login details have been breached. A sophisticated and clever password manager, Password Checkup is linked to a database containing in excess of four billion login credentials. These username/password combinations have all, at some point, been leaked online in large scale hacks. This could potentially mean that, for example, your existing Gmail credentials are visible online for anyone to see. With Password Checkup on your side, however, you will receive an alert in your Chrome browser that your login details have been breached. 

And, going back to the fact that many of us recycle our passwords, these Password Checkup alerts serve as a nudge to use unique passwords. After all, if a hacker knows that you have used the password “abc123” on your Gmail account, there’s every chance you may have used the same password on your Facebook account. Anything that reduces the time taken to breach an account is a win for hackers and you need to minimize this wherever possible. 

How to Use Password Checkup 

Password Checkup originally started as a standalone Chrome add-on and this continued to work until September 2020. The reason for retiring this add-on was down to Google deciding to build Password Checkup into the Chrome browser as an integral component. Therefore, the only way to access the Password Checkup service now is by using an up to date version of Chrome. You must, of course, sign into your Chrome browser with a Google account in order for your details to sync. Ultimately, using Password Checkup will make your online experience safer and securer. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Major Spyware Risks Found Within Google Chrome Add-ons

extensions, Ophtek, Security, Security Threats, , ,
07
Jul 2020

Google’s Chrome is the most widely used browser on the internet, but this dominance also makes it a major target for hackers.

The popularity of Chrome means that it’s a vital asset for PC users and this applies to both domestic and business settings. One of the major advantages of Chrome is that it’s supported by a vast database of add-ons. These add-ons, which are coded by official developers or third-party coders, can be installed within seconds and provide an enhanced browsing experience. But the ease with which these add-ons can be released makes them a security risk.

This risk has been brought into sharp focus by a security lapse which has led to 32 million downloads of malicious spyware. And this startling figure is why we’re going to take a closer look at the situation.

What is a Chrome Add-on?

You may be wondering what a Chrome add-on is and it’s a good question which we will quickly cover. Add-ons, also known as extensions, allow users to modify Chrome in a way which adds extra features and accessibility e.g.  Save to Google Drive. The add-ons are built using web technologies such as JavaScript and are embedded into the user’s browser where they can be turned on and off.

How Has Spyware Infiltrated Chrome Add-ons?

Security researchers have discovered that a number of Chrome add-ons have not been delivering the benefits they promise. These particular extensions, available for free, advertise themselves as providing services which include converting files to different formats and warning about malicious websites. However, these add-ons contain a nasty surprise in the form of spyware. And this spyware has been used to record browsing data and login credentials. Around 70 suspicious add-ons, all uploaded with fake contact details, have been identified and since removed by Google.

How Can You Protect Yourself Against Malicious Add-ons?

The busy digital age we live in means it’s easy to lose focus with what’s happening on our screens. But vigilance is crucial when it comes to threats such as malicious add-ons. Therefore, it’s important that you practice the following when working with extensions:

  • Check Permissions: Whenever you install an add-on it will detail the permissions that it requires to run. These could range from asking for permission to access your hard drive through to analyzing your browsing data. An add-on which asks for a large number of permissions should immediately ring alarm bells. Most important, however, is the nature of these permissions. Anything which feels too invasive should be declined and an alternative sought. 
  • Audit Your Add-ons: It’s always a good idea to monitor the add-ons you have installed in your browser. Any that you deem as no longer necessary should be removed; auditing your add-ons should be carried out every month. This will ensure that your browser does not become bloated with add-ons and minimizes the risk of rogue extensions being present. 
  • Ask a Professional: If in doubt, always reach out to an IT professional before installing an add-on. Their experience of identifying malicious software will allow them to quickly determine whether it is safe or not. And, don’t forget, only ever consider an add-on which provides an invaluable benefit. Otherwise it is recommended to continue without it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Best Plugins for Browsing Safely in Chrome

Chrome, Google, Ophtek, Plugins, Security, , ,
17
Dec 2019

Google’s Chrome browser is a popular browser and one that it is relatively secure. But it can be made even safer with the correct plugins.

It’s estimated that over half of all web traffic goes through Chrome browsers and this popularity is down to its innovation and simple interface. However, the success of Chrome has made it a target of hackers. And this has been highlighted by the recent WizardOpium vulnerability which required a swift patch from Google. There’s added danger for Chrome users from more generalized online threats such as malicious websites and data security concerns. Thankfully, help is at hand for web users in the form of security plugins.

And, to help you enhance your Chrome experience, we’re going to examine the best plugins for browsing safely in Chrome.

What is a Plugin?

You may not be familiar with plugins, so it’s probably a good idea that we start by explaining them. A plugin is a piece of software which, as the name suggests, ‘plugs in’ in to your browser. Acting as an additional software component, a plugin adds extra features to your browser. The types of plugin availability aren’t just limited to security features either. Adobe’s Flash player, for example, is probably one of the most well-known browser plugins.

Chromes Best Security Plugins

It’s now time to take a look at the best plugins for browsing safely in Chrome:

  • Ghostery: A privacy ad blocker, Ghostery grants Chrome the opportunity to block adverts and stop data trackers from harvesting your data. The plugin allows you to customize which ads and trackers remain active whilst blocking the more suspicious ones. And, best of all, by blocking ads and data trackers you will speed up the load time of webpages.
  • Web of Trust: It’s estimated that there are up to 18.5 million malicious websites online, so you need to be careful where you browse. With a plugin such as Web of Trust you can maximize your safety. Not only does Web of Trust advise you when you land on an unsafe website, but it also displays ‘reputation’ icons next to the results generated by search engines.
  • Blur: Passwords are a crucial element of safe web browsing, but they need to be kept secure. If your passwords are compromised then you’re at risk of having your personal data stolen. Blur helps you to avoid this. It’s a powerful plugin which can generate strong passwords while also encrypting and saving them. This ensures that there’s no need to memorize or write down you passwords; you can just click and go. 
  • HTTPS Everywhere: The best websites are those with a URL which starts with https rather than just http. The additional S of https indicates that it’s a secure website. However, if you have installed the HTTPS Everywhere plugin then, in most cases, it will be able to automatically switch a http site to a more secure https version.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2