Chrome security flaw could leave all users at risk

null

A new vulnerability has been discovered in Google Chrome, which could potentially put more than half of all internet users at risk.

Imperva’s security researcher Ron Masas said he had found a flaw in all browsers running the Blink engine, which includes Chrome and Opera. And that amounts to more than 58 per cent of the entire internet population.

Apparently, the flaw uses “side channel methodology” and abuses filtering functions in websites. That can allow hackers access to private information from users.

Here’s how the researcher explains it:

“The bug in question makes use of the Audio/Video HTML tags to generate requests to a target resource.

By monitoring the progress events generated by these requests, it grants visibility into the requested resource’s actual size. As we found out, this information can then be used to “ask” a series of yes and no questions about the browser user, by abusing filtering functions available on social media platforms like Facebook.”

Google was notified of the flaw and patched it in its Chrome 68 release, so if you’re using Chrome, you might want to check which version you have, and update accordingly.  

“The flaw we discovered could have serious implications to Google Chrome users as it puts their personal data at risk of being accessed by those with malicious intent. Attackers could establish the exact age or gender of a person, as it is saved on Facebook, regardless of their privacy settings. We reported the vulnerability to Google as soon as we had a clear understanding of its impact and the Chrome team has since responded with a patch for its users,” said Ron Masas, security researcher at Imperva.

The full blog post can be found on this link.