Google resolves browser vulnerability, positive response wins praise

Chrome

Oh, no. Never comforting to read of login thefts of any sort and it is small wonder that a security sleuth made news when he discovered an issue with Chrome. Once again, the price of convenience becomes a topic, this time in the offer to save Wi-Fi credentials and re-enter them automatically for your convenience.

A Chrome browser issue was described earlier this month which could have left a door open for hackers. The good news is that the security glitch in the popular browser was resolved; Google fixed the vulnerability.

The problem involved credentials auto-filled on unencrypted HTTP pages. SureCloud delivered the subsequent news that the latest update of Chrome (tested against version 69.0.3497.81) addressed the issue. The latest version of the Chrome browser, version 69, has been released and it carried the patch.

ZDNet security reporter Catalin Cimpanu said it had been "a design issue" that attackers could exploit to steal the WiFi logins, whether from home or from corporate networks.

BetaNews quoted Luke Potter, SureCloud's cybersecurity practice director. "There is always a trade-off between security and convenience, but our research clearly shows that the feature in web browsers of storing login credentials is leaving millions of home and business networks wide open to attack—even if those networks are supposedly secured with a strong password."

Elliot Thompson, a researcher with UK cyber-security firm SureCloud, had put together a technique exploiting the design issue, said Cimpanu. Thompson's "Wi-Jacking" worked with Chrome on Windows.

"During a recent engagement we found an interesting interaction of browser behaviour and an accepted weakness in almost every home router that could be used to gain access a huge amount of WiFi networks," said Thompson's SureCloud post on September 4.

The browser behavior related to saved credentials. Credentials saved in a browser, tied to a URL, are automatically inserted into the same fields when seen again. The router weakness was in the use of unencrypted HTTP connections to management interfaces. Thompson, though, said there was a solution for this path to credential-theft and he discussed it in his September 4 post.

"Fundamentally this is just a flaw in the way origins are shared and trusted between networks. In the case of home routers, they are predictable enough to be a viable target. The easiest solution would be for browsers to avoid automatically populating input fields on unsecured HTTP pages. It is understandable that this would lower usability, but it would greatly increase the barrier to credential theft."

At the time, Thompson recommended to "Clear your 's saved passwords and don't save credentials for unsecure HTTP pages."

"Thompson says he reported the issue to Google, Microsoft, and ASUS in March, this year," said Cimpanu. "Google addressed his report by not allowing Chrome to auto-fill passwords on HTTP fields."

In addition to Chrome, are other browsers vulnerable? "Firefox, IE/Edge and Safari require significant user interaction, so attack does work, but is more of a social engineering based," said Thompson on September 4. "With Chrome it is significantly more seamless."

The usual advice applies: Update. Cimpanu wrote, "Updating to Chrome 69.0.3497.81 or later should keep users safe from Wi-Jacking attacks."

Commenting on Google's addressing the issue, Thompson said, "This is a positive response from Google and is great to see."


Explore further

Software developer questions why Google Chrome allows for display of saved passwords in plain text

More information: www.surecloud.com/sc-blog/wifi … utm_content=76704482

© 2018 Tech Xplore

Citation: Google resolves browser vulnerability, positive response wins praise (2018, September 7) retrieved 20 November 2018 from https://techxplore.com/news/2018-09-google-browser-vulnerability-positive-response.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
32 shares

Feedback to editors

User comments

Sep 07, 2018
Not heard of this, google chrome updates manually in help

Sep 07, 2018
I have seen recently that Google introduced some changes in their algorithm and a new one is coming also. I am worried about my hp customer assistant website. I hope the new update will not affect my website.

Oct 08, 2018
Printing was introduced long back in the 15th century and now it has been developed in many ways. With the growing number of technology, there has been a growth in the printing devices. In this modern era, a printer has become everyone's need.

Oct 16, 2018
As nowadays Apple become a style Statement and the best benefit of Apple which makes it Differ with other Android & Window Device that it is completely virus free but as part of an electronics industry it also has some technical glitches in there which require technical assistance. In order to resolve all the issues related to ios devices do visit www.applesupportp...ers.com/

Oct 20, 2018
In the Digital world, we know the Internet is used to get the works done properly and also within the shortest time period. It makes more easy for people to do work but also there is the side effect of it. The hackers are also there to make the performance difficult. If anyone is facing problem regarding Netgear, they can take help from Netgear Support, I also get help from here.
https://routersup...support/

Oct 21, 2018
A Web browser developed by search engine giant Google, is used by about 20 percent of desktop Internet users, according to Net Market share. The browser promises lightning fast startup, loading and Web searches with an easy-to-use interface.
For kaspersky support number support visit: http://kasperskys...r.co.uk/


Oct 21, 2018
If you're experiencing any of those Chrome problems, you've come to the right place https://avastsupp...upport/. We're going to show you how to troubleshoot and resolve common Chrome problems that make you feel like Google hates Macs.

Oct 22, 2018
The Chrome Browser has become the more secure after the Google updates. Now the hackers cannot access the user's information Via the Chrome Browser so it is the great news. I was getting the issue in my laptop regarding security then https://www.pcsup...support/ helped me a lot.

Oct 22, 2018
The router weakness was in the use of unencrypted HTTP connections to management interfaces. For more details about epson printer error code 0x97 just go to https://printerte...de-0x97/

Oct 23, 2018
If you're experiencing any of Chrome problems, you've come to the right place. We're going to show you how to troubleshoot and resolve common Chrome problems that make you feel like Google hates Macs. To know more, visit - https://macsuppor...ecovery/

Oct 25, 2018
You can examine the connection linking your printer and computer. Check that all your devices have connectivity to each other accurately, and also with the network. It can be either a wireless network or a Bluetooth network. Also, it can be a cable which you are using for the connection and if you face any issue then visit: https://www.hptec...0000225/


Oct 25, 2018

If you are looking for Diwali Quotes, Diwali Wishes, Diwali Status, Diwali Images for Whatsapp & Facebook, etc then you are at the right place.
http://www.funtaa...-images/

Nov 05, 2018
Google Chrome is the best browser so far. It provides the required security to its users. As the product belongs to Google it is supposed to be very good. If you happen to run into any printer related issues visit https://www.print...de-0xf1/

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more