November 21, 2018
Category archive


Chrome adds new security features to stop mobile subscription scams

in Browser/Delhi/Google/google-chrome/India/mobile/Politics/scams/sercurity/TC by

Google today announced that Chrome will soon get a new feature that aims to stop mobile subscription scams. Those are the kind of sites that ask you for your phone number and that then, unbeknownst to you, sign you up for a mobile subscription that’s billed through your carrier. Starting with the launch of Chrome 71 in December, Google will pop up a prominent warning when a site doesn’t make it clear that users are signing up for a mobile subscription.

To make sure that developers who are legitimately using this flow to offer users subscription don’t get caught up in this new system, Google also published a set of best practices for mobile billing today. Generally, developers are expected to make their billing information visible and obvious to users, display the actual cost and have a simple and straightforward fee structure.

If that information is not available, Google will through up a prominent full-page warning, but users can always opt to proceed. Before throwing up the warning page, Google will notify webmasters in the Search Console when it detects a potential scam (there’s always a chance for false positives, after all).

This new feature will be available on both mobile and desktop, as well as in Android’s WebView.

News Source = techcrunch.com

Google wants to make Chrome extensions safer

in browser extension/chrome web store/Delhi/Developer/Google/google-chrome/India/Javascript/Politics/TC by

Google today announced a number of upcoming changes to how Chrome will handle extensions that request a lot of permissions, as well as new requirements for developers who want to publish their extensions in the Chrome Web Store.

It’s no secret that, no matter which browser you use, extensions are one of the main vectors that malicious developers use to gain access to your data. Over the years, Google has improved its ability to automatically detect malicious extensions before they ever make it into the store. The company has also made quite a few changes to the browser itself to ensure that extensions can wreak havoc once they have been installed. Now, it’s taking this a bit further.

Starting with Chrome 70, users can restrict host access to their own custom list of sites. That’s important because, by default, most extensions can see and manipulate any website you go to. Whitelists are hard to maintain, though, so users can also opt to only provide an extension with access to the current page after a click.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional – because they allow extensions to automatically read and change data on websites,” Google explains in today’s announcement.

Any extensions that request what Google calls “powerful permissions” will now also be subject to a more extensive review process. In addition, Google will also take a closer look at extensions that use remotely hosted code (since that code could be changed at any time, after all).

As far as permissions go, Google also notes that in 2019, it’ll introduce new mechanisms and more narrowly scoped APIs that will reduce the need for broader permissions and that will give users more control over the access that they grant to their extensions. Starting in 2019, Google will also require two-factor authentication for access to Chrome Web Store developer accounts to make sure that a malicious actor can’t take over a developer’s account and publish a hacked extensions.

While that change is still a few months out, starting today, developers are no longer allowed to publish extensions with obfuscated code. By default, obfuscated code isn’t a bad thing. Developers often use this method of scrambling their JavaScript source code to hide their code, which would otherwise be in clear text and easy to steal. That also makes it very hard to figure out what exactly the code does and 70 percent of malicious extensions and those that try to circumvent Google’s policies use obfuscated code. Google will remove all existing extensions with obfuscated code in 90 days.

it’s worth noting that developers will still be allowed to minify their code to remove whitespace, comments and newlines, for example.

News Source = techcrunch.com

Google Chrome could soon let you mute annoyingly noisy websites

in Chrome/chrome os/chromium/computing/Delhi/freeware/Google/google-chrome/India/Politics/Software/TC/world wide web by

Websites that auto-load videos with sound may soon be a thing of the past — or, at least, your days of having to put up with them could be.

That’s because Google is testing a new option that lets users permanently mute a website within the Chrome Browser.

Noisy websites have long been a pain. Chrome introduced an indicator to flag guilty tabs a couple of years ago — it had long been needed — and now the development team is testing this mute option inside the latest experimental ‘Canary’ version, according to Google developer François BeaufortYou can follow this link if you want to try it out.

It looks very easy to use. Just click on the security status that’s located to the left of the website address, and then the option to mute the site sits within the list of its details and permissions. The mute itself lasts until the setting is changed, which effectively makes it a sound ban.

While the feature would only appear in Chrome, assuming that it graduates from this test rollout, it could spur other browser companies to follow suit.

This kind of option for users could discourage publishers from autoplaying videos with sound for fear that their website will be muted forever. That would be mean one less annoying thing on the internet and a win for us all.

News Source = techcrunch.com

Go to Top