Watch out for its new features chrome WebUSB and WebBluetooth: Web browsers use more and more APIs for more functionality.
But this is not always good.
Two recent additions to Chrome, the WebUSB and WebBluetooth APIs, allow websites to interact with Appliances that are connected to the computer running the browser.
This can be very useful, but sometimes the procase new features has unintended consequences.
WebUSB and WebBluetooth APIs, for example, leave gaps security που επιτρέπουν πολύ εξελιγμένες επιθέσεις ηλεκτρονικού “ψαρέματος” (phishing). Οι επιθέσεις αυτές θα μπορούσαν να παρακάμψουν συσκευές ελέγχου identity δύο παραγόντων που χρησιμοποιούν Θύρες USB, όπως την device Yubikey.
Security researchers have recently shown that Chrome browser WebUSB functionality can also be used to communicate directly with two-factor authentication devices, not just the Google U2F API.
Η attack it bypasses any protection offered by two-factor authentication devices.
Chrome displays a prompt when it encounters a page that tries to use the WebUSB or WebBluetooth API. The user should allow the request connectionand type or paste their account username and password on the page they want to connect to.
Users should pay due attention to dialogs that appear asking for permissions. Websites designed for attacks could provide assurances and prompts that the permissions they request are necessary for the best functionality of the externaldevice.
The two add-ons block APIs in the browser.
So if you don't use WebUSB and WebBluetooth features, these extensions are a temporary solution until Google fixes security issues.