SoylentNews is people
SoylentNews
Massive spying on users of Google's Chrome shows new security weakness
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, according to Awake co-founder and chief scientist Gary Golomb.
(Score: 2, Informative) by Anonymous Coward on Friday June 19 2020, @01:24AM (2 children)
+ I was part of a modest size "WebEx Training" session recently, this version of WebEx allows a "main room" and the admin can also set up "breakout rooms" for smaller discussions in parallel. When everything worked (about 60% of the time) this was a nice setup, end the breakout session and get back to the main room.
While the Cisco WebEx instructions described compatibility with both Chrome and FireFox, it turned out that the FF version was next to useless--it couldn't present, and it also had a significantly different UI. So I had to fire up Chrome which I really dislike.
+ Last year PayPal changed their setup for certain accounts and to reconfigure I tried in FF, none of the options worked right. Finally got a useful person at PP and his first comment was, "try Chrome"--which worked straightaway. I do use PayPal normally with FF, so there is that.
I'm assuming others have similar problems?
(Score: 1) by Ethanol-fueled on Friday June 19 2020, @02:57AM (1 child)
Github pulled this shit with their "download" button awhile ago (which I previously pointed out) which only worked if you had a recent version of FireFox, Chrome, or probably some kind of Microsoft trash. Strange, it worked just fine with my setup the month before. How the fuck does a "download" button suddenly stop working with a fairly recent-but-not-cutting edge version of FireFox? I hope the tolerant progressives working there rectified the situation for oppressed minorities whose system requirements can't run the latest FireFox or Chrome trash.
Yep, all those so-called "tolerant progressives" don't want you to use or even read their site unless you have some form of Soros-authorized browser.
(Score: 3, Informative) by Booga1 on Friday June 19 2020, @05:41AM
First: Javascript. The web developers don't seem to write anything else anymore. The concept of an actual web page that doesn't need optional cruft is completely alien to them.
Second: Forced, automatic, and frequent software updates have trained them to only care about the current version of a browser. If their scripts happen to work a few versions back, well that's good enough, right?
Third: The browser monoculture of Chrome. You've seen comments here in this story already where the answer when something doesn't work is "try Chrome." The monoculture was bad when it was Internet Explorer and it's just as bad when it's Google Chrome.
Nobody is going to stop any of these things since companies don't want to pay for developer time to support a tiny fraction of their customer base. Have an old computer or phone? "Upgrade or we're leaving you behind. Oh, and we don't care how shitty our web pages are as long as they work in Chrome. Tough shit."