Google to Solve Chrome's HTML Vulnerability

Hackers could receive access to personal information using this vulnerability
17 August 2018   459

Google's developers have fixed a vulnerability in the Chrome browser, through which cybercriminals received secret information from other sites through audio and video HTML tags. Security researcher Ron Masas from Imperva identified the problem associated with the vulnerability of CVE-2018-6177, and in late July 2018 in Chrome 68 installed a security code.

According to the researcher, a cyber attack requires malicious code that downloads content from legitimate sites inside audio and video HTML tags. An attacker can determine the size of responses received from sites, and guess the various types of information. In the normal situation, this is not possible due to the CORS function, which prevents sites from downloading resources from other web pages, but the program is able to bypass protection.

Cybercriminals could get data on the sex and age of users using the Audience Restriction function in the settings of Facebook. According to Masas, collecting answers through social networks,hacker can consistently receive valuable personal information.

Another Internet security specialist, Mike Gualtieri, believes that when attacking, hacker can use a more creative approach than collecting data from Facebook users. For example, use corporate backend, intranet and corporate web applications. Thanks to the bug, the ability to send requests has appeared, so an attack on the API can also be successful.

Experts strongly recommend to update Chrome to v68.0.3440.75 or newer in order to prevent vulnerability.

Google to Announce .dev Top-Level Domain

Application acception for a new domain will begin in January 2019
13 November 2018   265

At the summit of developers Chrome Dev Google representatives briefly announced the imminent opening of the registration of names for the top-level domain .dev. Application acception will begin in January 2019.

From January 16 to February 19, 2019, brand and trademark owners will have the opportunity to register a domain name with their trademark. From February 19 to 28 there will be an early access stage with a higher price. And from February 28, access will be open to anyone.

As noted, the .dev domain, like the previously opened .app, will receive support for the HTTPS protocol by default. A more detailed description of the domain zone is available on the official website.

In May 2018, Google announced the public registration in the domain zone .app - in the first top-level domain, which allows only secure connections. And in October 2018, early registration began in the .page zone. Unlike .app and .dev, which are designed for developers, the .page zone is focused on personal pages, business and thematic sites. The domain also supports only secure channels.