Google Chrome Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/google-chrome/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

New Google Chrome 0-day Vulnerability Exploited, Update Now
https://gridinsoft.com/blogs/new-google-chrome-0-day-vulnerability/
Tue, 16 Jan 2024 20:34:57 +0000

The post New Google Chrome 0-day Vulnerability Exploited, Update Now appeared first on Gridinsoft Blog.

In its most recent release notes, Google reports a new 0-day vulnerability that is already being exploited in the wild. The update fixes the issue, but the very fact that it is being exploited means the update should be installed as soon as possible. It appears to be the first Chrome 0-day exploited in 2024.

New Chrome 0-day Vulnerability Fixed

On January 16, Google released an update for its Chrome browser that contains fixes for 3 vulnerabilities. Among them is CVE-2024-0519, which was reported by an anonymous researcher. The company acknowledges that this vulnerability is being exploited in the wild.

Image: An excerpt from Google’s patch note for the latest Chrome update

The root cause of the vulnerability is an improper (out-of-bounds) memory access in the V8 JavaScript engine used in Chrome; the issue falls under the CWE-119 designation. Chrome’s operation relies on direct memory addressing, and without proper bounds handling this allows a reference to a wrong memory location. What this gives attackers is the ability to both read and write arbitrary memory areas, leading to data leaks and arbitrary code execution.

Besides the most serious issue, 2 high-severity vulnerabilities are fixed in the same update. Both are also in the V8 JavaScript engine, and relate to a lack of memory write validation and to type confusion. The latter can actually lead to effects similar to CVE-2024-0519, so it should be treated with the same seriousness. The good news about these two is that there is no known real-world exploitation.

Google Releases Fix to the Newest 0-day Exploit

The severity of the issue obviously calls for an urgent response from the developer. Fortunately, Google never hesitates to patch such bugs. However, due to rollout limitations, the patch may not be available to all users simultaneously. Here is the list of OS-specific versions that contain the fix.

OS        Version with fix
Windows   120.0.6099.224 (225)
MacOS     120.0.6099.234
Linux     120.0.6099.224

To check whether you have an updated version of the browser, or to check for updates, go to Settings → About Chrome. This opens a page that checks update availability each time you open it.


Being the most popular web browser is not just about privileges, as you can see. Such a humongous user base means increased (if not maxed out) attention from adversaries, who treat such vulnerabilities as nothing short of a gift. For ordinary users, the best way to counteract this is to keep an eye on the latest updates, specifically on what issues they fix.

OAuth2 Session Hijack Vulnerability: Details Uncovered
https://gridinsoft.com/blogs/oauth2-vulnerability-details/
Tue, 09 Jan 2024 08:52:09 +0000

A sophisticated exploit targeting Google’s OAuth2 authentication system was uncovered by a threat actor known as Prisma. This exploit leverages undocumented functionality within Google’s MultiLogin endpoint, enabling attackers to generate and maintain persistent Google cookies even after a password reset.

OAuth2 Vulnerability Allows for Persistent Session Hijacking

The attackers found a way to use specific components within the Chrome browser to hijack sessions without the risk of the session being invalidated by password changes. They targeted Chrome’s token_service table, part of the WebData database, to exfiltrate tokens and account IDs. This table contains essential information, such as the GAIA ID and the encrypted_token column. Next, the attackers decrypted these encrypted tokens using a key stored in Chrome’s Local State file within the UserData directory.

This method is similar to how Chrome stores passwords, indicating that the attackers deeply understood Chrome’s data management system. The exploit’s success relied on the attackers’ ability to navigate and utilize Chrome’s intricate data structures, specifically those related to user authentication and token management.

MultiLogin Endpoint Is The Culprit

The MultiLogin endpoint is a crucial element of Google’s OAuth2 system. It synchronizes Google accounts across various services, ensuring a consistent user experience by aligning the browser account states with Google’s authentication cookies. However, attackers have found a way to exploit this endpoint’s functionality. By providing vectors of account IDs and auth-login tokens, attackers can maintain unauthorized access to Google services.

Although this is a regular operation for the endpoint, attackers have used it maliciously. The endpoint’s obscurity and exploitability make it an ideal target. It is not widely documented or known, and its role in managing simultaneous sessions or user profile switches makes it a potent tool for attackers once they understand how to manipulate it.

The Discovery and Spread of the OAuth2 Exploit

Back in October 2023, one of the malware developers described a vulnerability in OAuth2, and an exploit for it, on their Telegram channel. This exploit uniquely allowed the generation of persistent Google cookies by manipulating tokens. This capability ensured continuous access to Google services, bypassing standard security measures even after the user’s password was reset. Obviously, the exploit’s potential didn’t go unnoticed.

Image: A threat actor announced a 0-day exploit on the Telegram channel.

Lumma infostealer was the first to integrate this exploit in November 2023, employing advanced blackboxing techniques to protect the methodology. This incorporation marked the beginning of a trend, as the exploit quickly caught the attention of various malware groups. Following Lumma, malware entities like Rhadamanthys, Stealc, Meduza, Risepro, and WhiteSnake implemented the exploit. Each group brought nuances to the exploit’s application, indicating its versatility among cybercriminals​​.

Hidden Tactics

In addition, the attackers manipulated the token:GAIA ID pair, which is also essential in Google’s authentication process. This manipulation allowed them to regenerate Google service cookies and maintain unauthorized access to user accounts. Lumma, a key player in exploiting this vulnerability, encrypted the critical token:GAIA ID pair with proprietary private keys. This process, known as “blackboxing,” not only obscured the core mechanics of the exploit but also made it difficult for other malicious entities to replicate the method.

Since the attackers encrypted the communication between their C2 and the MultiLogin endpoint, it was challenging for network security systems to detect the exploit. Standard security protocols often overlook such encrypted traffic, mistaking it for legitimate data exchange.

Interim Measures for Protection

While Google is working on fixing the vulnerability, there are some immediate steps you can take to protect your account. First, it is recommended that you log out of all your browser profiles. This will invalidate your current session tokens. After logging out, change your password and log in again. The action will generate new session tokens. Such a step is essential because tokens and GAIA IDs may have been stolen, and generating new session tokens will prevent unauthorized access by rendering the old tokens useless.

Google Fixes Critical Vulnerability in Chrome, Exploited in the Wild
https://gridinsoft.com/blogs/google-chrome-critical-vulnerability-fix/
Tue, 12 Sep 2023 20:52:45 +0000

Google released an urgent security update for its Chrome browser. The patch contains the fix for CVE-2023-4863, a heap buffer overflow vulnerability that is easy to exploit. In fact, Google states that this vulnerability has already been used in the wild. The vulnerability affects browser builds for all supported OS – Mac, Linux and Windows.

Google Chrome Vulnerability Exploited in the Wild

The heap buffer overflow behind CVE-2023-4863 lies in the way Chrome handles WebP images. By default, Windows assigns the browser to display images of that format, and this remains unchanged in the vast majority of cases. Thus, the potential audience for exploitation is humongous – Chrome retains its monopoly on the browser market. WebP, at the same time, is steadily replacing “classic” image formats.

Image: Statcounter browser share. Google Chrome holds a market share of over 63%, as of August 2023

The flaw originally became known on September 6, 2023, after the corresponding research by Apple SEAR and Citizen Lab at The University of Toronto was sent to Google. The company, however, has not yet published more extensive information on the case. All that is known now is that the buffer overflow that happens while reading a WebP image can allow arbitrary code execution. Alternatively, the browser may simply crash – which is to be expected with buffer overflow bugs. The CVE entry on the MITRE resource is listed but lacks any details beyond the basics I’ve already mentioned.

How Critical Is CVE-2023-4863?

Arbitrary/remote code execution bugs commonly receive the highest marks on severity ratings. And when combined with easy in-the-wild use and a large selection of targets, the threat becomes truly massive. Millions of people use Chrome on a daily basis, and encountering WebP images is just as common. Hackers can try to do whatever they want to millions of users simply by sending a specially crafted image.

Protect Yourself Against Chrome Exploits

Despite Google being sluggish in publishing how the exploit works, they are fast with updates. Versions 116.0.5845.187/.188 for Windows (Stable/Extended) and 116.0.5845.187 for Mac have the vulnerability fixed. Updating the browser is plain and simple – go to Settings and scroll down to the About Chrome button. Clicking it starts the browser update check, and if a newer version is available, you’ll receive it.

But what can you do to avoid falling victim to exploits that have not yet been uncovered and/or patched? Zero-trust is the only option that gives you reliable protection against such exploits. Its name is self-explanatory – solutions with such a policy treat any program as potentially dangerous. However, solutions with such a policy are mostly oriented towards corporate clients. And overall, the downsides of running such a paranoid security solution on your system outweigh its situational benefits. For individual users, I’d recommend looking for other options.

Your own awareness gives you a great advantage. The vast majority of phishing attacks rely on a single assumption – that the victim will be too ignorant and reckless to notice the incoming fraud. And what can be more pleasant than crushing fraudsters’ hopes? Sure, this requires knowing exactly what to look for, but these tips will serve you well even beyond scam avoidance.

Predasus Malware Attacks Latin America Through Browser Plugins
https://gridinsoft.com/blogs/predasus-malware-latin-america-browser-plugins/
Tue, 01 Aug 2023 10:24:53 +0000

Latin America has been hit by cyberattacks using malicious Google Chrome extensions. Attackers targeted financial institutions, booking sites, and instant messaging. The malware used in these attacks was dubbed Predasus.

Predasus Malware Targets Chromium-based Browsers in Latin America

Threat analysts have discovered a new malware called “Predasus”. Attackers use this malware to insert harmful code through a Chrome extension and employ this method to attack various sites, including WhatsApp’s web version. The attackers enter and exploit the targeted websites through legitimate channels to deploy Predasus malware, enabling them to steal users’ confidential and financial data. Predasus engages in several malicious activities, such as obtaining sensitive information like login details, financial data, and personal information.

Image: Predasus attack steps. Source: IBM Security Intelligence

Predasus Infection Chain

Browser extensions can infect your device in various ways. They exploit browser or operating system vulnerabilities, or use social engineering to trick users into downloading them. The scenario is classic – a user opens an email attachment: a PDF, Word, or Excel file. The attachment contains malware that stealthily infects the user’s computer and is automatically deployed once downloaded. The malware then connects to the first command and control (C&C) server and downloads several files, written to a folder named “extension_chrome” in the %APPDATA% folder. It terminates any process associated with Google Chrome and creates malicious .LNK files in several locations, replacing legitimate ones. In addition, the extension requests the following permissions:

  • “tabs”: Allows the extension to access and modify browser tabs and their content.
  • “background”: Allows the extension to run in the background, even when the extension’s popup window is closed.
  • “storage”: Allows the extension to store and retrieve data from the browser’s local storage.
  • “alarms”: Allows the extension to schedule tasks or reminders at specific times.
  • “cookies”: Allows the extension to access and modify cookies for any website the user visits.
  • “idle”: Allows the extension to detect when the user’s system is idle (i.e., not being actively used).
  • “webRequest”: Allows the extension to monitor, block, or modify network requests made by the browser.
  • “webRequestBlocking”: Allows the extension to block network requests made by the browser.
  • “system.display”: Allows the extension to detect and adjust display settings on the user’s system.
  • “http://*/*”: Allows the extension to access any HTTP website.
  • “https://*/*”: Allows the extension to access any HTTPS website.
  • “browsingData”: Allows the extension to clear the user’s browsing data (such as history and cache) for specific websites.

Some of these permissions pose a risk because they allow an extension to access or modify sensitive user data.
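The following is an added example, not code from the article or from IBM’s analysis. It parses a Chrome extension manifest and flags the permission set the article lists, weighting the combination of cookie access with all-site host access (the pairing that enables session theft) most heavily; the manifest is constructed to mirror that list, and the scoring thresholds are an assumption.

```python
"""Flag risky permissions declared in a Chrome extension manifest."""
import json

# Permissions the article lists for Predasus, with why each matters to a defender.
RISKY_PERMISSIONS = {
    "tabs": "can read URLs and titles of open tabs",
    "background": "keeps running with no visible UI",
    "storage": "persists stolen data or configuration locally",
    "alarms": "schedules periodic tasks (beaconing, re-checks)",
    "cookies": "can read and modify session cookies for every site",
    "idle": "learns when the user is away from the machine",
    "webRequest": "can observe every request the browser makes",
    "webRequestBlocking": "can block or rewrite requests in flight",
    "system.display": "reads display details (fingerprinting)",
    "browsingData": "can wipe history and cache to cover its tracks",
}


def broad_host_patterns(patterns):
    """Return the host patterns that match every site on a scheme (or on all schemes)."""
    broad = []
    for p in patterns:
        if p == "<all_urls>":
            broad.append(p)
            continue
        scheme, sep, rest = p.partition("://")
        # "http://*/*", "https://*/*" and "*://*/*" grant access to any host.
        if sep and scheme in ("http", "https", "*") and rest.startswith("*/"):
            broad.append(p)
    return broad


def assess_manifest(manifest_json):
    """Parse a manifest and return findings, broad host patterns and a risk verdict."""
    m = json.loads(manifest_json)
    perms = list(m.get("permissions", []))
    # Manifest V2 puts host patterns in "permissions"; V3 moves them to "host_permissions".
    hosts = list(m.get("host_permissions", [])) + [
        p for p in perms if "://" in p or p == "<all_urls>"
    ]
    api_perms = [p for p in perms if p not in hosts]
    findings = {p: RISKY_PERMISSIONS[p] for p in api_perms if p in RISKY_PERMISSIONS}
    broad = broad_host_patterns(hosts)
    # Assumed weighting: each risky API permission counts 1, each all-site host pattern 2,
    # and cookies together with all-site access (the session-theft combination) adds 3.
    score = len(findings) + 2 * len(broad)
    if "cookies" in findings and broad:
        score += 3
    verdict = "high" if score >= 8 else "medium" if score >= 4 else "low"
    return {"findings": findings, "broad_hosts": broad, "score": score, "verdict": verdict}


# Constructed manifest requesting exactly the permissions the article lists.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Constructed Extension",
    "permissions": ["tabs", "background", "storage", "alarms", "cookies", "idle",
                    "webRequest", "webRequestBlocking", "system.display",
                    "http://*/*", "https://*/*", "browsingData"],
})

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Notes", "permissions": ["storage"],
})

if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = assess_manifest(manifest)
        print(label, result["verdict"], result["score"], result["broad_hosts"])
        for perm, why in result["findings"].items():
            print("   ", perm, "-", why)
```

Run it against the manifest.json of an installed extension (found under the profile’s Extensions directory) to get the same breakdown for real add-ons.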

What data is at risk?

According to IBM Security Lab, Predasus has been seen in many malicious activities, including modifying browser behavior and stealing sensitive data such as login credentials, financial information, and personal data. In addition, this attack abuses WhatsApp Web. Since WhatsApp is popular in countries such as Brazil, Mexico, and India, attackers can harvest a large amount of potentially valuable information. Using a phishing payment site, scammers steal payment information from the victim under the guise of paying for a subscription. The phishing site also asks for a confirmation code that the victim received via text message. In this way, the fraudsters access the victim’s bank account. Ultimately, the attackers sell the obtained data on the Darknet.

Safety Tips

To avoid unpleasant consequences, you must practice cyber hygiene and watch what you install. Hackers are always seeking new ways to spread malware, and your attentiveness can effectively repel their attempts.

  • Be careful with emails you receive. This advice repeats again and again, as hackers keep using spoofed emails to spread malware. Strange topic, unknown sender, typos – all such things should raise suspicion.
  • Only download extensions you’re sure about. Even using the Chrome Web Store as a source does not mean you’re safe. Hackers have their ways to upload malicious plugins even to this marketplace – let alone third-party sources.
  • Use two-factor authentication and regularly update your browser and extensions to stay safe.
  • Use effective anti-malware software. When it comes to protecting against malware attacks from different vectors, it is quite easy to slip up at some point. To avoid problems, a backup protection option is essential. GridinSoft Anti-Malware can offer you great protection, both reactive and proactive.

The increase in harmful Chrome extensions is concerning and emphasizes the importance of being cautious while browsing the web. There are concerns that this malware campaign may spread to North America and Europe.

Chrome Extension ViperSoftX Steals Passwords and Cryptocurrency
https://gridinsoft.com/blogs/chrome-extension-venomsoftx/
Thu, 24 Nov 2022 18:14:40 +0000

A Windows malware designed to steal cryptocurrency and clipboard contents installs a malicious VenomSoftX Chrome extension on users’ machines. The extension works like a RAT (Remote Access Trojan), stealing victims’ data and cryptocurrencies.

Let me remind you that we also wrote that a malicious Ledger Live extension for Chrome steals Ledger wallet data, and that 295 Chrome extensions injected ads into search results.

The existence of ViperSoftX malware has been known to security experts since 2020; for example, Cerberus and Fortinet have already written about it. Now the malware has been studied in detail by Avast experts, who report that it has changed noticeably since then.

The company’s report says that since the beginning of 2022, Avast has detected and stopped 93,000 ViperSoftX attack attempts against its customers, mainly affecting users in the United States, Italy, Brazil and India. The main distribution channel for the malware is known to be torrent files of game cracks and activators for various software.

After examining the wallet addresses hard-coded in the ViperSoftX and VenomSoftX samples, the experts found that as of November 8, 2022, the attackers had “earned” about $130,000. Moreover, this cryptocurrency was obtained solely by redirecting cryptocurrency transactions on hacked devices; the amount does not include profit from the hackers’ other activities.


The new variants of ViperSoftX do not differ much from those studied earlier, that is, they can steal data from cryptocurrency wallets, execute arbitrary commands, download payloads from the control server, and so on. The main difference between the new versions of ViperSoftX is the installation of an additional malicious VenomSoftX extension in the victim’s browsers (Chrome, Brave, Edge, Opera).

To hide from the victim, the extension masquerades as Google Sheets 2.1, allegedly created by Google, or as a certain Update Manager.


Although VenomSoftX largely duplicates the functionality of ViperSoftX (both target the victims’ cryptocurrency assets), the extension carries out the theft differently, which increases the attackers’ chances of success.

“VenomSoftX basically steals crypto by intercepting API requests for several very popular crypto exchanges that victims visit or have an account on,” the experts explain.

In particular, the targets of VenomSoftX are Blockchain.com, Binance, Coinbase, Gate.io and Kucoin. The extension also monitors the user’s clipboard and replaces any cryptocurrency wallet addresses that land there (as the Carbanak group did, for example) with the attackers’ addresses.


In addition, the extension can change the HTML code on sites to detect the address of the user’s cryptocurrency wallet, while manipulating elements in the background and redirecting payments to attackers.

To determine the victim’s assets, the VenomSoftX extension intercepts all API requests to the aforementioned cryptocurrency services, and then sets the maximum available transaction amount, stealing all available funds.

Moreover, in the case of Blockchain.info, the extension will try to steal the password entered on the site.

“The module focuses on www.blockchain.com and tries to intercept https://blockchain.info/wallet. It also changes the getter of the password input field in order to steal the entered passwords. After sending the request to the API endpoint, the wallet address is extracted from the request, associated with the password, and sent to the faucet as base64-encoded JSON via MQTT,” explains Avast.

The researchers say it is easy to spot such a fake Google Sheets: the real Google Sheets is usually installed in Chrome as an app (chrome://apps/), not as an extension, which is easy to check on that page. If the extension is present in the browser, you should remove it as soon as possible, clear the browser data, and probably change your passwords.

“This Site Can’t Provide a Secure Connection”: How to Fix
https://gridinsoft.com/blogs/this-site-cant-provide-a-secure-connection-fix-guide/
Wed, 16 Nov 2022 16:19:39 +0000

Every active Internet user has encountered error messages at least once, especially security-related ones. For example, the “This site can’t provide a secure connection” notification can be alarming. However, more often than not, this problem is related to a problem with your web browser and is relatively easy to fix. In this article, we’ll look at the root causes of this error message and tell you how to troubleshoot it.

What the error “This Site Can’t Provide a Secure Connection” means

First, let’s find out what a “secure connection” is. It is a connection to a website that uses the secure Hypertext Transfer Protocol (HTTPS), not plain HTTP. Browsers usually mark secure websites with a lock icon at the beginning of the address bar, confirming that the connection is secure. A secure connection means that all data packets your device exchanges with the server are encrypted, so a third party is not able to see the contents. HTTPS offers significant security advantages over HTTP but imposes strict requirements for compliance. One of these is a valid SSL certificate. Thus, the “This site can’t provide a secure connection” error tells us there is a problem with the SSL certificate. That is, the site claims to support HTTPS but either does not provide a certificate or provides an invalid one. If the browser can’t verify the certificate, it won’t load the site and will display this error message instead.

Image: the padlock icon in the address bar. If you see this lock, it means the website is safe

Causes of the “This Site Can’t Provide a Secure Connection” error

If you see a site security warning, it does not necessarily mean the site is unsafe. Although that is possible, more often than not the cause is less dangerous. The causes can be divided into problems with the web browser or system configuration, and issues with the site itself. You can check which it is by opening the problem page in several browsers. If you see the error in one browser but the page works fine in another, the problem is probably in the browser (usually the cache). If the error appears in all browsers, the problem is either with your computer or with the site. Listed below are the most common causes of this error message:

  • Incorrect time and date settings on your device. If your laptop has the wrong date and time, this can cause problems with SSL certificate validation. Your PC may think the certificate has already expired or, more amusingly, has not been issued yet.
  • Outdated SSL caches in your browser. This is one of the common causes. Because web browsers store SSL certificates in a cache, they don’t need to check the certificate every time you visit a site, thereby speeding up browsing. However, if the SSL certificate changes, but the browser still loads an older version from the cache, it can cause this error.
  • Invalid or expired SSL certificate. Certificates must be periodically renewed. You will see this error if the website’s SSL certificate has expired.
  • Fraudulent browser extensions. An incorrectly working browser extension can also cause problems with certificate authentication. Often it’s a simple error caused by a poor design, though sometimes the extension can be malicious.
  • Overzealous antivirus. Incorrectly configured antivirus software can sometimes erroneously produce this message. This may be due to an encryption error.
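The clock-skew cause above is easy to confirm programmatically. This is an added example, not code from the article: it takes a certificate’s notBefore/notAfter dates in the format Python’s ssl module (and Chrome’s certificate viewer) reports them, and compares the verdict under the local clock with the verdict under a trusted clock, so a certificate problem can be told apart from a clock problem. The certificate dates and clocks below are constructed; the trusted time is assumed to come from an NTP source or another known-good device.

```python
"""Tell a genuinely expired certificate apart from a skewed system clock."""
import ssl
from datetime import datetime, timezone


def check_validity(not_before, not_after, system_time):
    """Classify a certificate's validity window as seen from system_time.

    not_before / not_after use the form ssl.getpeercert() returns,
    e.g. 'Jan 10 00:00:00 2024 GMT'. Returns 'valid', 'expired' or 'not_yet_valid'.
    """
    start = ssl.cert_time_to_seconds(not_before)   # epoch seconds, UTC
    end = ssl.cert_time_to_seconds(not_after)
    now = system_time.timestamp()
    if now < start:
        return "not_yet_valid"      # the "not issued yet" case from the article
    if now > end:
        return "expired"
    return "valid"


def diagnose(not_before, not_after, system_time, trusted_time):
    """Compare the local-clock verdict with the trusted-clock verdict.

    If both agree, the certificate itself is (or is not) the problem.
    If they differ, the local clock is wrong and the certificate is fine.
    """
    local = check_validity(not_before, not_after, system_time)
    real = check_validity(not_before, not_after, trusted_time)
    if local == real:
        return {"verdict": local,
                "cause": "certificate" if local != "valid" else None}
    skew = round((system_time - trusted_time).total_seconds())
    return {"verdict": local, "cause": "clock skew", "skew_seconds": skew}


# Constructed certificate validity window and clocks (all UTC).
NOT_BEFORE = "Jan 10 00:00:00 2024 GMT"
NOT_AFTER = "Apr 10 00:00:00 2024 GMT"
TRUSTED_NOW = datetime(2024, 2, 1, 12, 0, tzinfo=timezone.utc)
SKEWED_CLOCK = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)   # laptop with a dead CMOS battery
LATER_NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("correct clock:", diagnose(NOT_BEFORE, NOT_AFTER, TRUSTED_NOW, TRUSTED_NOW))
    print("skewed clock: ", diagnose(NOT_BEFORE, NOT_AFTER, SKEWED_CLOCK, TRUSTED_NOW))
    print("really expired:", diagnose(NOT_BEFORE, NOT_AFTER, LATER_NOW, LATER_NOW))
```

For a live site, the `notBefore` and `notAfter` values can be read from `ssl.create_default_context().wrap_socket(...).getpeercert()` and fed to `diagnose` with `datetime.now(timezone.utc)` as the system time.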

Fix the “This Site Can’t Provide a Secure Connection” error

Fortunately for the user, fixing the problem does not require anything drastic. However, in some cases you will keep seeing the error until the other party deals with an outdated certificate. Below we look at how to eliminate the secure connection error.

Set the correct date and time

The certificate’s expiration date is significant, and you need to keep an eye on the signing and expiration date of the certificate. Incorrect date and time zone can lead to a secure connection error in Chrome browser. Therefore, ensure that the time on your system is synchronized with your current time zone. In most cases, this simple solution is effective.

Clear Chrome’s browsing data

If the problem persists after setting the date and time, try clearing the Chrome cache and cookies. To do this, press Ctrl + Shift + Delete, select the time range “All time,” and click “Clear data”.


Check recently installed extensions

Recently installed extensions and ad blockers can interfere with how sites load in Chrome. First, try removing these extensions and then reloading the web page. To remove extensions from Chrome, follow these steps:

First, open the Chrome browser and type chrome://extensions in the address bar.


This will take you to the extensions page, where you can click on the “Remove” button next to your recently installed extensions.


You can do the same step to disable ad blockers.

Check your antivirus and firewall settings

Sometimes the connection error in Chrome can occur due to overly aggressive or incorrect settings of the antivirus and firewall installed on your PC. Most modern antivirus programs scan websites for malicious elements and other security threats. They also check the SSL/TLS versions the website uses. If the website uses an outdated version of SSL, the antivirus will block it. In this case, you can confirm the cause by temporarily disabling the antivirus. However, leaving it disabled would not be safe.

Clear SSL state

If the above methods don’t help, try to clear the SSL status. To do this, perform the following steps:

  • Open the Start menu.
  • Search for and open Internet Properties.
  • Select the Content tab.
  • Click Clear SSL State.


Disable the QUIC protocol

QUIC (Quick UDP Internet Connections) provides a connection equivalent to TLS/SSL to Google’s servers. QUIC is enabled by default in Chrome. To disable it, copy chrome://flags/#enable-quic, paste it into the address bar, and press Enter. At the top of the page, the Experimental QUIC protocol flag is set to Default. Set it to Disabled and restart Chrome.


Enable TLS and SSL support

Older SSL and TLS versions are legacy protocols that are disabled in most browsers and operating systems. Since most websites now use more secure and faster protocol versions, Chrome refused to load this site and warned you that it was not secure. However, you can enable legacy TLS/SSL support:

  • Open the Control Panel and find Internet Options.
  • Click the Advanced tab.
  • Scroll down, select TLS 1.0, TLS 1.1, TLS 1.2, SSL 3.0, and SSL 2.0, and click “OK”.


Restart your computer and try to visit the web page again. Keep in mind that SSL 2.0 and SSL 3.0 are obsolete and no longer considered secure, so disable them again once you no longer need to reach the site.

Chrome 0-day Vulnerability Used to Attack Candiru Malware
https://gridinsoft.com/blogs/0-day-vulnerability-in-chrome/
Mon, 25 Jul 2022 09:24:34 +0000

Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East.

The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month.

As a reminder, we also wrote about the SpookJS attack that allows bypassing Site Isolation in Google Chrome.

The vulnerability is known to be a heap buffer overflow in the WebRTC component and was first reported by information security expert Jan Vojtěšek from the Avast Threat Intelligence team. Even then, the bug was known to be exploited in real attacks, but no details were disclosed.

As Avast experts now say, the vulnerability was discovered after investigating a spyware attack on one of the company’s customers. According to experts, Candiru started using CVE-2022-2294 back in March 2022, attacking users in Lebanon, Turkey, Yemen and Palestine.

Spyware operators used the standard watering hole tactic for such campaigns. This term refers to attacks that are built by analogy with the tactics of predators who hunt at a watering hole, waiting for prey – animals that have come to drink. This usually means that attackers inject malicious code onto legitimate sites, where it waits for victims.

In this case, by compromising the site, the hackers expected that it would be visited by their targets using a browser vulnerable to CVE-2022-2294. In one case, the website of an unnamed Lebanese news agency was hacked and injected with JavaScript that enabled XSS attacks and redirected the victim to a server hosting exploits.


The attack was particularly nasty in that it did not require any interaction with the victim (such as clicking on a link or downloading something). To compromise, it was enough to simply open a malicious site in Google Chrome or another Chromium-based browser (including Edge, as well as Safari, since the vulnerability was related to WebRTC).

To make sure they attack only the right people, the hackers created victim profiles by collecting a lot of data, including information about the victim’s system language, time zone, screen size, device type, browser plugins, device memory, cookies, and more.

It is also noted that in the case of the Lebanese attacks, the 0-day not only allowed the attackers to execute shellcode inside the renderer process but was also chained with a sandbox escape vulnerability that Avast was unable to recover for analysis.

When the DevilsTongue malware finally infiltrated the victim’s system, it tried to elevate privileges by installing a Windows driver containing another unpatched vulnerability. Thus, at least three 0-day bugs were involved in this campaign.

Once the driver was installed, DevilsTongue used its security hole to gain access to the kernel, the most sensitive part of any OS. Researchers call this attack method BYOVD (bring your own vulnerable driver). It allows malware to bypass OS protections, since drivers, once loaded, run with access to the OS kernel.

“We don’t know exactly what the attackers may have been after, but attackers often target journalists to spy on them and the material they are working on, or to get to their sources, as well as to collect compromising evidence and confidential data that they shared with the press,” Avast experts say.

As a reminder, the DevilsEye spyware, developed by the Israeli company Candiru and then sold to governments of various countries, was described in detail by Microsoft specialists last year. Even then, it was known that politicians, human rights activists, journalists, scientists, embassies and political dissidents in various countries of the world were targeted by this malware.

SpookJS Attack Allows to Bypass Site Isolation In Google Chrome
https://gridinsoft.com/blogs/spookjs-attack-allows-to-bypass-site-isolation/
Tue, 14 Sep 2021 22:22:33 +0000

A group of scientists from universities in Australia, Israel and the United States have presented a side-channel attack that allows recovering data from Google Chrome and Chromium-based browsers protected by the Site Isolation function.

The attack is dubbed Spook.js (or SpookJS), which is a direct reference to the Meltdown and Spectre processor vulnerabilities discovered in 2018. Although both attacks were demonstrated only as a concept back then, they proved that there are many flaws in the design of modern processors.

As a result, Intel and AMD made a commitment to change future designs of their CPUs, making them more secure, and software vendors have increased the protection of their applications to make it more difficult or even to prevent the exploitation of such bugs.

Google was one of the first companies to implement defenses, adding a new feature to Chrome called Site Isolation. This feature separates the JavaScript code of each domain, preventing Spectre-style JavaScript attacks from stealing information from the user’s other open tabs.

However, scientists have now reported that the current version of Site Isolation is ineffective. Although Site Isolation separates domains from each other (for example, example.com from attacker.com), subdomains are not isolated (for example, attacker.example.com from login.example.com). Spook.js exploits this very flaw in Site Isolation’s design. Moreover, the researchers believe that Google is aware of the problem but cannot do anything about it, since separating JavaScript code at the subdomain level would break 13.4% of all sites on the Internet.

As a result, the experts managed to create a JavaScript tool, Spook.js, that allows Spectre-like side-channel attacks on Chrome and Chromium-based browsers running on Intel, AMD and Apple M1 processors. The tool extracts data from the same subdomains where the attacked site is located, that is, it only works if the attacker manages to inject Spook.js into the target resource.

That said, the researchers especially highlighted that many sites allow users to create their own subdomains and run JavaScript code, such as Tumblr, GitHub, Bitbucket, and many others. In addition, sites can simply be hacked specifically to carry out an attack.

In their report, the experts demonstrate the successful compromise of Tumblr and Bitbucket, but also admit that not all sites that support the creation of subdomains have data that is worth stealing at all. Google, however, is of interest in this regard: the scientists created a site in Google Sites, where they uploaded Spook.js to create a malicious page. As a result, they were able to recover images uploaded to the victim’s personal Google Workspace or Google Photos account.

The researchers also packaged Spook.js into a Chrome extension that they loaded into the browser. Since all the code was executed in one process, Spook.js was able to extract data from other extensions; during the experiment, these were passwords that the LastPass extension automatically filled in the victim’s browser. Of all the attacks, the experts considered this the most serious, since users typically install a large number of extensions, many of which have access to all data, and as a result Spook.js “sees” all of it.

The experts have already notified all the companies whose products they tested (including Intel, AMD, Google, Tumblr, LastPass and Atlassian) about the problem. Google took the researchers’ findings seriously and announced last summer that Site Isolation will now also work at the extension level, separating the JavaScript code of extensions from each other.

Unfortunately, experts point out that this does not help defend against other variations of the Spook.js attack.

“Web developers should immediately separate untrusted user-supplied JavaScript from all other content on the site by placing all user-supplied JavaScript on a domain with a different eTLD+1. Thus, strong isolation will not allow the code provided by an attacker to be combined in one process with potentially confidential data, making it inaccessible even to Spook.js, since it is not able to go outside the process,” the authors of Spook.js say.
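The granularity described above (whole sites, not subdomains, are isolated) and the eTLD+1 advice in the quote can be made concrete with a small same-site check. This is an added example, not code from the Gridinsoft post, the Spook.js authors or Chromium; the public-suffix table is a constructed subset of the real Public Suffix List that Chrome consults.

```python
# Added example: a minimal "same-site" check mirroring the granularity the
# article describes. Site Isolation keys renderer processes by *site*
# (scheme + eTLD+1), not by origin, so two subdomains of one registrable
# domain share a process. A user-content domain listed on the Public Suffix
# List (as github.io is) becomes its own eTLD, which is exactly the
# "different eTLD+1" separation the Spook.js authors recommend.
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List (publicsuffix.org); a real
# check must load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "github.io"}


def etld_plus_one(host: str) -> str:
    """Return the registrable domain (eTLD+1) of a hostname.

    Walks from the longest candidate suffix to the shortest; the first hit is
    the longest public suffix, and one more label is prepended to it.
    Returns "" when the host itself is a public suffix.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return ""  # bare public suffix: no registrable domain
            return ".".join(labels[i - 1:])
    # Unknown TLD: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def site_of(url: str) -> tuple:
    """Site key as Site Isolation sees it: (scheme, eTLD+1)."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), etld_plus_one(parts.hostname or ""))


def same_site(url_a: str, url_b: str) -> bool:
    """True if both URLs would be placed in the same renderer process."""
    return site_of(url_a) == site_of(url_b)


if __name__ == "__main__":
    # The pairs from the article: isolated domains, non-isolated subdomains.
    print(same_site("https://example.com/", "https://attacker.com/"))
    print(same_site("https://attacker.example.com/", "https://login.example.com/"))
    # User sites under a public suffix are separate sites from each other.
    print(same_site("https://user1.github.io/", "https://user2.github.io/"))
```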

As a reminder, I also reported that new vulnerabilities help bypass Spectre protections on Linux systems.

Google fixed another major vulnerability in the V8 engine
https://gridinsoft.com/blogs/google-fixed-vulnerability-in-the-v8-engine/
Wed, 28 Apr 2021 16:59:07 +0000

The series of hurried fixes for problems in Google Chrome continues: this time Google has fixed a major vulnerability related to the operation of the V8 JavaScript engine in the browser.

The vulnerability received the identifier CVE-2021-21227 and was rated high severity. It was reported by a researcher from the Chinese information security company Singular Security Lab.

The researcher is known to have earned $15,000 for this problem through the bug bounty program.

Google developers described the found bug as “insufficient data validation in V8.”

“The vulnerability can be exploited to remotely execute code in the victim’s browser, but like other recently discovered bugs in V8, it prevents the user from escaping the Chrome sandbox. That is, to fully exploit CVE-2021-21227 for attacks, it will have to be combined with another security issue,” Google engineers say.

The Singular Security Lab researcher writes that the CVE-2021-21227 vulnerability is related to the CVE-2020-16040 and CVE-2020-15965 bugs, also found in the V8 code, which Google engineers fixed in Chrome in December and September 2020. In fact, the expert discovered CVE-2021-21227 while analysing the patches for those two vulnerabilities. According to him, all these errors were associated with the same function.

Also in version 90.0.4430.93 of Chrome, released this week, nine more vulnerabilities were fixed, including two of high severity, three of medium and one of low severity.

As a reminder, Google also recently released a new version of Chrome for Windows, Mac and Linux that patches two recently discovered 0-day vulnerabilities. According to the company, exploits are already available for these bugs. The problems received the identifiers CVE-2021-21206 and CVE-2021-21220.

The Record also reports that the Chinese cybersecurity company Qingteng Cloud Security has detected attacks on WeChat users that use a fresh vulnerability in Chrome. The attackers used an exploit published two weeks earlier.

Heavy ad blocker started working in the Google Chrome
https://gridinsoft.com/blogs/heavy-ad-blocker-started-working-in-the-google-chrome/
Tue, 15 Dec 2020 22:29:47 +0000

Earlier this year, Google Chrome developers announced the addition of a so-called heavy ad blocker: a mechanism that detects and unloads advertisements that consume too many system resources (placing unnecessary load on the processor, network bandwidth, and so on).

Then Google engineers wrote that “heavy” advertising can significantly reduce the device’s battery life, create additional load on network bandwidth and, as a result, cost the user money.

“These resource-intensive heavy ads are known for ruining users’ web browsing experience by making web pages load slower than normal, by draining their devices’ battery, and by consuming mobile data for users without unlimited plans,” wrote Google Chrome developers.

According to the company’s criteria, an ad is considered too “heavy” in the following cases:

  • it uses more than 4 MB of network bandwidth;
  • it uses the processor for more than 60 seconds in total;
  • it uses the processor for more than 15 seconds within any 30-second period.

That is, the new system is designed to block the mining of cryptocurrency in the browser, the download of large and poorly compressed images, as well as the download of large video files (without the user’s permission).
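To show how the three thresholds above interact on the kinds of ads the article names (a miner that burns CPU without moving data, a large video that moves data without burning CPU), here is an added example that is not Chrome’s own implementation; the thresholds are the published ones, the per-second telemetry is constructed.

```python
# Added example (not Chromium code): apply the article's three heavy-ad
# thresholds to constructed per-second telemetry of an ad frame.
from typing import List, Sequence

MAX_NETWORK_BYTES = 4 * 1024 * 1024  # more than 4 MB of network use
MAX_TOTAL_CPU_SEC = 60.0             # more than 60 s of CPU in total
MAX_WINDOW_CPU_SEC = 15.0            # more than 15 s of CPU in any 30 s window
WINDOW_SEC = 30


def heavy_ad_reasons(network_bytes: int, cpu_per_second: Sequence[float]) -> List[str]:
    """Return the names of the thresholds an ad frame has exceeded.

    cpu_per_second[i] is the CPU time (seconds) the frame consumed during
    wall-clock second i. An empty list means the ad would not be unloaded.
    """
    reasons = []
    if network_bytes > MAX_NETWORK_BYTES:
        reasons.append("network")
    if sum(cpu_per_second) > MAX_TOTAL_CPU_SEC:
        reasons.append("cpu_total")
    # Sliding 30-second window kept as a running sum, so a short burst of
    # CPU use is caught even when the total stays under 60 seconds.
    window_sum = 0.0
    for i, cpu in enumerate(cpu_per_second):
        window_sum += cpu
        if i >= WINDOW_SEC:
            window_sum -= cpu_per_second[i - WINDOW_SEC]
        if window_sum > MAX_WINDOW_CPU_SEC:
            reasons.append("cpu_peak")
            break
    return reasons


def is_heavy_ad(network_bytes: int, cpu_per_second: Sequence[float]) -> bool:
    """True if Chrome's heavy-ad intervention would unload this frame."""
    return bool(heavy_ad_reasons(network_bytes, cpu_per_second))


# Constructed samples: an idle banner, an in-browser miner that saturates a
# core for 40 seconds while transferring little, and a large video download.
BANNER = (300_000, [0.05] * 120)                         # 0.3 MB, 6 s CPU total
MINER = (500_000, [0.0] * 10 + [0.9] * 40 + [0.0] * 10)  # 36 s CPU, 27 s of it in 30 s
BIG_VIDEO = (9_000_000, [0.1] * 20)                      # 9 MB, 2 s CPU

if __name__ == "__main__":
    for name, (net, cpu) in (("banner", BANNER), ("miner", MINER), ("video", BIG_VIDEO)):
        print(name, heavy_ad_reasons(net, cpu))
```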

“Blocking heavy ads also automatically unloads ads that perform resource-intensive JavaScript operations, including CPU time attacks and video decoding,” Google said.

In September, Google developers began gradually implementing the corresponding mechanism in Chrome 85. Now Bleeping Computer writes that with the release of Chrome 87 (for desktops and mobile devices), more and more users are seeing the first results of the new mechanism.

Based on numerous tests conducted by Bleeping Computer on sites like the New York Times, the browser now does block overly heavy ads.

When an ad reaches the limit, Chrome automatically displays an error in the ad frame, informing the user that “the ad has used too many resources for your device, so we removed it.”

Also, according to the tests, Chrome blocks even its own ads, shown through AdSense, if they violate the given rules. If you’re interested, you can test the feature on sample content available on heavy-ads.glitch.me.

As a reminder, 295 Chrome extensions injected ads into search results.
