Imperva uncovers Google Chrome vulnerability https://t.co/2rN7Sqgqes
The hole has been fixed, but only for those using the latest version of Chrome
Imperva has discovered a Google Chrome vulnerability that could potentially allow malicious actors to hack into users' computers to find sensitive information from Facebook and other personal platforms.
The bug the researchers unearthed uses the Blink engine in Google Chrome to break into the browser. Although the vulnerability has apparently been fixed in the latest update to Google Chrome, 58% of Chrome users haven't updated their browsers, leaving them exposed to it.
“Attackers could establish the exact age or gender of a person, as it is saved on Facebook, regardless of their privacy settings,” said Ron Masas, a researcher at security firm Imperva. “With several scripts running at once – each testing a different and unique restriction – the bad actor can relatively quickly mine a good amount of private data about the user.”
Imperva explained that the security hole takes advantage of audio and video HTML tags to generate requests to a target resource. The exploit watches the actions made to the resource and then poses questions to the browser about its user, each requiring a yes or no answer, based upon the pages it has accessed.
So if someone visits the site (such as Facebook), hidden video or audio tags are inserted into the browser. These then request Facebook posts the attacker has planted, letting the attacker analyse the victim's personal data, including information such as their age, as it's saved on Facebook.
"For example, a bad actor can create sizeable Facebook posts for each possible age, using the Audience Restriction option, making Facebook reflect the user age through the response size," Masas said. "The same method can be used to extract the user gender, likes, and many other user properties we were able to reflect through crafted posts or Facebook’s Graph Search endpoints."
Google patched the security hole in Chrome 68's release after being advised about the potential problem by Imperva's researchers.
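To gauge exposure to the point above (the fix shipped in Chrome 68, and many users had not updated), the following added example, which is not from Imperva or the original article, classifies User-Agent strings from a web or proxy log by Chrome major version. The sample strings are constructed, and the list of other Chromium-based browser tokens is an assumption.

```python
import re
from collections import Counter

PATCHED_MAJOR = 68  # per the article: fixed in the Chrome 68 release

# Tokens of non-Blink browsers whose User-Agent still resembles Chrome's.
NOT_BLINK = ("Edge/", "CriOS/")  # EdgeHTML, Chrome on iOS (WebKit)
# Chromium-based browsers with their own release numbering (assumed list).
OTHER_CHROMIUM = re.compile(r"\b(OPR|Edg|SamsungBrowser|Vivaldi)/")
CHROME_MAJOR = re.compile(r"\bChrome/(\d+)\.")

def classify(user_agent):
    """Return chrome_unpatched, chrome_patched, other_chromium or other."""
    if any(token in user_agent for token in NOT_BLINK):
        return "other"
    match = CHROME_MAJOR.search(user_agent)
    if not match:
        return "other"
    if OTHER_CHROMIUM.search(user_agent):
        return "other_chromium"  # check that vendor's own fixed version
    if int(match.group(1)) < PATCHED_MAJOR:
        return "chrome_unpatched"
    return "chrome_patched"

def summarize(user_agents):
    """Count each class and the unpatched share among Chrome clients."""
    counts = Counter(classify(ua) for ua in user_agents)
    chrome = counts["chrome_unpatched"] + counts["chrome_patched"]
    share = counts["chrome_unpatched"] / chrome if chrome else 0.0
    return counts, share

# Constructed sample User-Agent strings (not real traffic).
SAMPLE = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 OPR/53.0.2907.99",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/67.0.3396.87 Mobile/15E148 Safari/604.1",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
]

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    print(dict(counts), f"unpatched Chrome share: {share:.0%}")
```

User-Agent strings are supplied by the client, so treat the result as an inventory estimate rather than proof that a given browser is patched.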
Written by Clare Hopping