Google disables WebUSB in Chrome Over Phishing Treats

Google Chrome

Phishing is a major concern if you live a lot of your life on the internet. There are plenty of ways to protect against phishing attacks with software, but one of the best methods is hardware USB keys. An authentication device can protect you even if the attacker has your username and password. At least that’s what they’ll tell you. A pair of researchers proved that these devices are not invincible. A feature in Chrome called WebUSB made it possible to bypass the protections.

CHECK:  Huawei Y7 Pro (2019)– Full Specifications, Review and Prices

WebUSB is a feature that allows websites to directly connect to USB devices; it was added in Chrome 61. Attackers can use the feature with an accompanying website to convince someone to type in their username and password and send it directly to the authentication device to unlock the account. Obviously, which Chrome being the most popular browser on the planet, this is a pretty serious vulnerability.

When asked about it, Google’s security product manager said they are aware of the situation. They consider this type of attack to be an edge case, but they are working to fix the problem. For the time being, Google has disabled the WebUSB feature entirely. This was discovered in Chromium just yesterday. Users can apply a command line flag if they really want to re-enable the feature. For now, the problem has been solved by removing the moving parts.

CHECK:  Group Admins Can Now Restrict Members From Posting/Sending Messages in Groups

Source: Wired |
Source: Chromium

1 Trackback / Pingback

  1. Change Inbox Type Feature Now Available in Gmail – Montelent Team NG - Online Tech, News, Video Site

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.