Google will begin to block sign-ins from embedded browser frameworks in June

Phishing — schemes to nab personal data with disguised malicious webpages and emails — constituted more than 70% of all cyber attacks in 2016, according to a Verizon report. In an effort to combat them, Google last year announced it would require users to enable JavaScript during Google Account sign-in attempts so that it could run attack-detecting risk assessments, and today, it said it’ll begin to block “all signals” from embedded browser frameworks like Chromium Embedded Framework starting in June.

“We’re constantly working to improve our phishing protections to keep your information secure,” account security product manager Jonathan Skelker wrote in a blog post. “This is yet another layer of protection on top of existing safeguards like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges.”

With the change, Google is specifically targeting man-in-the-middle (MITM) attacks, which it says are difficult to detect when they come from automation platforms like embedded browser frameworks. A MITM attacker intercepts the data exchanged between users and servers in real time and uses it to sign in, behavior that Google can’t differentiate from a legitimate sign-in attempt.

As an alternative to browser frameworks, Google’s suggesting developers use browser-based OAuth authentication, which enables users to see the full URL of the page where they’re entering their credentials. “If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today,” Skelker said.
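As an added illustration of the browser-based flow recommended above (not code from the article or from Google), the sketch below builds an authorization request for the user's own browser and validates the redirect that comes back. The client ID, loopback redirect URI and scopes are placeholders, and the use of PKCE and a `state` value is an assumption following common native-app OAuth practice.

```python
import base64
import hashlib
import hmac
import secrets
import webbrowser
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def build_auth_request(client_id: str, redirect_uri: str, scope: str):
    """Return (url, state, code_verifier) for a system-browser sign-in."""
    code_verifier = _b64url(secrets.token_bytes(32))  # 43 chars, RFC 7636
    state = secrets.token_urlsafe(16)  # binds the redirect to this request
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
        "code_challenge": _b64url(hashlib.sha256(code_verifier.encode()).digest()),
        "code_challenge_method": "S256",
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", state, code_verifier


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Validate the redirect the browser delivers and return the auth code."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect is not for this request")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carried no authorization code")
    return code


if __name__ == "__main__":
    # Placeholder client ID and loopback redirect URI (assumptions).
    url, state, verifier = build_auth_request(
        "CLIENT_ID_PLACEHOLDER", "http://127.0.0.1:8765/callback", "openid email")
    webbrowser.open(url)  # hand off to the user's own browser, not an embedded frame
```

The application never handles the password: the user types it into a browser window that shows the full sign-in URL, and the app receives only the authorization code, which it later exchanges together with the `code_verifier`.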

Today’s announcement comes roughly two years after Google restricted sign-ins using webview, or browsers bundled within mobile apps. In a related development in February, Google said that it was actively testing improved phishing- and malware-filtering models within Gmail. (Google claims that it now blocks more than 100 million more spam emails a day.)
