Google to Solve Chrome's HTML Vulnerability

Hackers could receive access to personal information using this vulnerability
17 August 2018   908

Google's developers have fixed a vulnerability in the Chrome browser, through which cybercriminals received secret information from other sites through audio and video HTML tags. Security researcher Ron Masas from Imperva identified the problem associated with the vulnerability of CVE-2018-6177, and in late July 2018 in Chrome 68 installed a security code.

According to the researcher, a cyber attack requires malicious code that downloads content from legitimate sites inside audio and video HTML tags. An attacker can determine the size of responses received from sites, and guess the various types of information. In the normal situation, this is not possible due to the CORS function, which prevents sites from downloading resources from other web pages, but the program is able to bypass protection.

Cybercriminals could get data on the sex and age of users using the Audience Restriction function in the settings of Facebook. According to Masas, collecting answers through social networks,hacker can consistently receive valuable personal information.

Another Internet security specialist, Mike Gualtieri, believes that when attacking, hacker can use a more creative approach than collecting data from Facebook users. For example, use corporate backend, intranet and corporate web applications. Thanks to the bug, the ability to send requests has appeared, so an attack on the API can also be successful.

Experts strongly recommend to update Chrome to v68.0.3440.75 or newer in order to prevent vulnerability.

Frontend News Digest 24 - 30.08

New and experimental CSS Firefox tools, Node.js' new current version update, deep dive to its internals and many other interest things awaits you
29 August 2019   824

Greetings! I hope your week went great! Here's new Frontend news digest.

In this digest, you will learn how to release custom react component, hook or an effect as an npm Package, learn about the powers of HTML5 storage that allos you to create shopping card and about new experimental CSS tools in Firefox. Also, Node.js v12.9.1 is out.

Guides

  • Creating A Shopping Cart With HTML5 Web Storage

This guide will teach you how to use the HTML Web Storage powers to create a shopping card step-by-step

  • How to Release a Custom React Component, Hook or Effect as an npm Package

Author believes he find a way how to release hook, custom component of React of an Effect as an npm Package in a more easier way than always

Article

  • Faster Image Loading With Embedded Image Previews 

EIP technology described in this post allows us to load preview images during lazy loading using progressive JPEGs, Ajax and HTTP range requests with no additional data transered.

  • Node v12.9.1 (Current)

Small release fixes 2 regressions in the http module

Video

  • New & Experimental CSS Tools in Firefox
     

UX designer at Mozilla Firefox Developer Tools team talks about cool new and even experimental CSS Tools in popular browser

  • A Journey into Node.js Internals

Tamar Twena-Stern spoke about the internals of the one of the most popular JavaScript's runtime environments

Updates

  • monolith

Solution allows to sale any web page into as a single HTML file with enbedded CSS, image, and JavaScript assets all at  a single HTML5 doc

  • radialMenu

Easy to set up (according to the developers) and customizable JS menu

  • Data Table Component

Includes a lot of features, and, according to the developers, is simple, sortable and flexible

  • React Webcam

A component to work with webcams for React