Google Chrome now auto-upgrades to secure connections for all users

Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October 16th, Google has now rolled it out to all users on the Stable channel. "We enabled HTTPS-Upgrades by default on trunk last week, and are currently rolling out to 100% Stable," reads an update from Google Engineering Program Management Leader Chris Thompson. HTTPS-upgrades is a Google Chrome feature that automatically upgrades all main-frame navigations to HTTPS, the secure version of the HyperText Transfer Protocol while ensuring a quick fallback to HTTP if needed. Historically, browsers often made insecure HTTP requests to sites that were capable of supporting HTTPS. Whether that be due to users clicking on old links or because content on websites has not been upgraded to use the new protocol, connections over the HTTP protocol are not encrypted and can be snooped on to steal credentials or other sensitive data. In each case, users' privacy and security are compromised through unnecessary insecure connections. Existing methods to enforce HTTPS, such as the HSTS preload list or manually curated upgrade lists, have limitations. Maintaining an up-to-date list of HTTPS-supported sites can be challenging and bandwidth-intensive, often leading to outdated information reaching users. Google is fixing security issues with HTTPs-upgrades. With this update, Chrome aims to automatically upgrade in-page HTTP links to HTTPS, implementing a swift fallback mechanism to HTTP if required. The browser may also respect an opt-out header, allowing web servers that serve different content on HTTP and HTTPS to prevent auto-upgrades. This behavior will necessitate modifications to the Fetch specification, particularly concerning the upgrade of main-frame navigation requests and the handling of network errors in upgraded requests. While this automatic upgrade doesn't prevent downgrades, it offers no less security than the current norm. It limits exposure to passive attackers, although active attackers could hinder the upgrade process. Importantly, this change might reduce developers' motivation to rectify HTTP references. Google Chrome's new "IP Protection" will hide users' IP addresses. Google Chrome's organize tabs will automatically reorder tabs. Google fixes another Chrome zero-day bug exploited in attacks. Google rolls out Privacy Sandbox to use Chrome browsing history for ads. Google is enabling Chrome real-time phishing protection for everyone.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Google Chrome now auto-upgrades to secure connections for all users

Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
1 year ago Bleepingcomputer.com
CVE-2021-42016 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
CVE-2021-42017 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
8 months ago Techrepublic.com
Google Chrome's new "IP Protection" will hide users' IP addresses - Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to ...
1 year ago Bleepingcomputer.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
11 months ago Cysecurity.news
Google Chrome's new cache change could boost performance - Google is introducing a significant change to Chrome's Back/Forward Cache behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. "Bfcache is an in-memory cache that stores a ...
1 year ago Bleepingcomputer.com
CVE-2021-37209 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
CVE-2022-45044 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) ...
9 months ago
CVE-2024-38867 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) ...
5 months ago
Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
11 months ago Bleepingcomputer.com
CVE-2021-31895 - A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 ...
3 years ago
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
5 months ago Security.googleblog.com
Google Chrome emergency update fixes 6th zero-day exploited in 2023 - Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. The company acknowledged the existence of an exploit for the security flaw in a new security ...
1 year ago Bleepingcomputer.com
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
11 months ago Cysecurity.news
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
11 months ago Darkreading.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
10 months ago Bleepingcomputer.com
CVE-2019-19300 - A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), ...
1 year ago
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
7 months ago Bleepingcomputer.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
5 months ago Crowdstrike.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com
CVE-2022-34821 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < ...
1 year ago
Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
1 year ago Arstechnica.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
9 months ago Bleepingcomputer.com
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
1 year ago Thehackernews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)