DecryptedTech

Wednesday07 December 2022

Displaying items by tag: Chrome

FirefoxFirefox has caught up with Google’s Chrome browser when it comes to insecurity. After forcing updates on unsuspecting users (we turn on the computer the other day to be told it was already updated) the newest version of Firefox apparently takes screen shots of your pages to put them into their Tab-Thumbnail view including sites that might be encrypted or secure connections (like your banking information). This is a pretty big privacy issue and one that has quite a few people upset.

Published in News

win8logoredesignedWhen Microsoft first announced that only Microsoft based products would have access to the “desktop” mode in Windows on ARM (Windows RT) we began to wonder just how long it would take for Mozilla, Google, Opera and others to chime in about how wrong this is. We now have heard from Mozilla who seems to feel that this lock out from the desktop is nothing more than Microsoft being unfair to the competition and, according to Mozilla, is in violate of the promises Microsoft made to both the EU and the US DoJ.

Published in News

GoogleGoogle’s previously unassailable Chrome web browser has now been hacked three times in only two days. The first two we have already told you about in a previous article. Vupen a French research company found a 0-day exploit that allowed them to jump out of Google’s Sand Box and then another that allowed them to execute arbitrary code on the OS that Chrome was installed on (in this case Windows). Vupen did this as part of the Pwn2Own competition held every year.

Published in News
Thursday, 08 March 2012 11:51

Google's Chrome falls first at Pwn2Own

News_manstealingdataThe Pwn2Own completion is in full swing and this year we find that Google’s Chrome web browser is the first to fall. Google has claimed in the past that Chrome is the most secure browser (in addition to claiming it is faster). Meanwhile many IT and security experts had questioned this and are concerned about things that Chrome does when installed on an operating system. Still this is the first time the browser has fallen during the infamous competition.

Published in News

17There was a time when IBM was the largest patent holder in the tech world. In fact the joke was that IBM did not have to actually make anything anymore. They could sit back and maintain their profitability with their licensing and royalty fees. Of course this was exaggeration, but IBM did have a massive portfolio and the revenue to back it up. Now, it seems that Microsoft is looking to take IBM’s top spot. They have been busy pressuring and perhaps bullying companies that make Android and Chrome mobile devices to sign agreements with them. The agreements sound a lot like the old Mobster movies. “Hey you pay me 10 (million) dollars a week and we will make sure,… you know, that nothing bad will happen to you.”

In short Microsoft is offering protection from patent litigation in return for a small cut of the manufacturing profits from Android and Chrome devices. Now you may think this is all very unethical and you would be right. However, there is no law against this. Just like there is no law against patenting the look and feel of something. To be honest, this is a last ditch effort on the part of Microsoft. They know they are losing the mobile war and that Windows Phone will be a thing of the past in a few short years. Right now they are just trying to replace the income they know they are going to lose with a little extra from someone else’s pocket.

Source Fudzilla

Discuss this in our Forum

Published in News

despdGoogle has just released an extension that allows remote control of any system that has the Chrome Web Browser installed. Although still in the Beta stages Google claims that this add-in for their browser will help IT organizations to more easily manage systems in their networks and is completely cross-platform allowing access to Windows, Linux, Macs and even Chromebooks. The interface is probably very similar to other free browser based remote software like join.me, got to my pc, and the plethora of others that are out there. We are also pretty sure that it is just as insecure as these services which have all be compromised in one way or the other. In fact to the best of my knowledge only join.me has not been breached and that is because it does not install a permanent client. It is an on demand service that leaves very little to no trace after you close out the session.

Now, there is a danger that in inherent with any remote control software that resides on a computer as there is always the theoretical chance that someone can gain access to that API and exploit it. In fact it is not the remote control extension that I have a problem with (unless Google embeds it in the browser). Instead I am seeing a pattern that I think it being missed by not only the press but by the mainstream users out there.

Let’s take a look at what we have going on and see if you can spot the issue. Not all that long ago Google released a new API called Chrome Frame that allowed elevated permissions to be granted this API. This meant that users who normally cannot install applications would be allowed to install this API. This maneuver is very underhanded and quite shady.  Forcing elevated privileges is a technique used by more than a few people with malicious intent and it makes me wonder about Google’s motivations here.

Next up on the Google hit list was and “false” positive from Microsoft’s Security Essentials which identified Chrome as the W32/Zbot Trojan Horse. When you combine this with Google’s known habit of data collection of their users (ever track what Chrome, Google Toolbar and Google Desktop are doing?) it was not a shock to see this happen. In fact I am surprised that it has not happened sooner.

Now we see a remote control API being added in. I am becoming more and more concerned with Google’s motives and what their end-state is. Plus let’s not forget that the ChromeOS is based entirely off of the Chrome browser. Some of you may remember that this bundling of browser and OS got Microsoft into serious trouble, not once but twice. Where is the outcry over this operating system? I see none from the public or the Government. I guess it helps to have your CEO as the President’s technology advisor.  

I think it is time for everyone to take a long hard look at that Google is really doing. I have a feeling that if this is done, you might find that you do not like many of the liberties they are taking with your searches, your web habits and even your personal data.

Discuss in our Forum

Published in Editorials

84So it appears that Google thinks people should use their Chrome Browser even if they work at a company that restricts things of this nature (often with very good reason).  Although you will not hear much about this it has been a well-documented fact that Chrome caches web pages (even in private mode) and also runs certain applications after Chrome is closed. These APIs read and write data to the System Volume Information folder and also do a few other things that are suspicious at best. This (amongst over things) has caused more than a few companies to ban the browser from use inside the corporate network.

However, Google still thinks that it has the right to let people by-pass these restrictions and install software that is not authorized. They have done this with a plug-in called Chrome-Frame. Chrome Frame is an API that allows a web page to be rendered using Chrome’s engine inside the currently running browser.  I guess this is for people that do not want to use multiple browsers, and is fine as long as it is something they want to install and (in the case of someone at their place of employment) it is authorized to be installed. This was not good enough for Google though, they have written a version of the plug-in that allows this to be installed with elevated privileges by-passing restrictions that are in place to prevent this from happening.

Now, I know there are some that will not understand why this is bad. They will say that people should be able to view the internet and that companies that are still on IE6 or 7 (which are no longer supported by GMAIL and other Google sites) are hindering their employees. However, most companies have fairly strict policies on browsing. This is mostly to prevent malware but also to help increase productivity. I know at more than one company I have worked for we provided internet systems in the break room and lunch room, but prevented all browsing on the users workstations. We also were never hit with a virus on any user desktop, but had them on the employee internet systems.  So it is not unusual to place these restrictions on browsing. It is entirely wrong (not to mention arrogant) of Google to create something that by-passes these restrictions. It also opens up a vector for attack as someone will find a way to usurp the plug-in and execute code through that elevated API, it is nothing short of Malware all on its own.

Discuss this in our Froum

Published in News
Page 3 of 3