Beware of the new features of Chrome WebUSB and WebBluetooth: Browsers use more and more APIs for more functionality.
But this is not always good.
Two recent additions to Chrome, with the WebUSB and WebBluetooth APIs, allow sites to interact with devices connected to the computer running the browser.
This can be very useful, but sometimes the addition of new features has unpredictable consequences.
WebUSB and WebBluetooth APIs, for example, leave vulnerabilities that allow for highly sophisticated phishing attacks. These attacks could bypass two-factor authentication devices that use USB ports, such as the Yubikey device.
Security researchers recently proved that the functionalτητα WebUSB του προγράμματος περιήγησης Chrome μπορεί να χρησιμοποιηθεί και για την άμεση επικοινωνία με τις συσκευές επαλήθευσης ταυτότητας δύο παραγόντων και όχι μόνο για το API της Google U2F.
The attack bypasses any protection offered by two-factor identity devices.
Chrome prompts you when it encounters a page that is trying to use the WebUSB or WebBluetooth API. The user must allow the login request and type or paste the username and password of the account on the page he wants to log in.
Users should pay attention to the dialogues that appear and ask for permissions. Websites designed for attacks could provide assurances and prompts that the rights they request are necessary for better functionality of the external device.
So if you want to disable the two features from the Chrome you're using, you'll need to install them extensions Disable WebUSB and Disable WebBluetooth .
The two add-ons block APIs in the browser.
So if you don't use the WebUSB and WebBluetooth features, the above extensions are a temporary solution until Google fixes the issues security.
____________________________________
- Made from artificial intelligence. None of these people exists
- uBlock Origin is the popular ad blocker in Chrome?
- New law Right to repair. What it means;