Google Chrome to let Isolated Web App access sensitive USB devices

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer.
As part of the WebUSB specification, there are certain interface classes that are protected from being accessed via web applications to prevent malicious scripts from accessing potentially sensitive data.
The list of protected interface classes are audio, HID, mass storage, smart card, video, audio/video Devices, and wireless controller.
The WebUSB specification includes a block list of specific USB devices that cannot be accessed by the API, such as YubiKeys, Google Titan keys, and Feitian security keys, which are used for multi-factor authentication.
Isolated web apps are applications not hosted on live web servers but packaged into Web Bundles, signed by their developer, and distributed to end-users.
They are commonly created for companies to use in-house.
When an app with this permission attempts to access a USB device, the system first checks if it is on the blocklist of vulnerable devices.
If it is, the device is normally removed from the access list.
The system also checks whether the device is on the app's list of allowed devices.
The system will check if the accessed interface is marked as protected.
Google's proposed feature enables trusted isolated web apps to access a broader range of USB devices, allowing for greater functionality in a trusted setting.
Google says it plans to ship it for testing in Chome 128, which should be released in August 2024.
Chrome for Android tests feature that securely verifies your ID with sites.
Google Chrome reduced cookie requests to improve performance.
Google Chrome change that weakens ad blockers begins June 3rd. Google rolls out Chrome fix for empty pages when switching tabs.
Google fixes fifth Chrome zero-day exploited in attacks this year.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 30 Jun 2024 21:20:21 +0000

Cyber News related to Google Chrome to let Isolated Web App access sensitive USB devices

Google Chrome to let Isolated Web App access sensitive USB devices - Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. As ...
2 days ago Bleepingcomputer.com

CVE-2023-52528 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
6 months ago Securityboulevard.com

CVE-2023-52742 - In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a ...
1 month ago Tenable.com

Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
2 months ago Techrepublic.com

Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
7 months ago Darkreading.com

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
5 months ago Darkreading.com

Google Chrome's new "IP Protection" will hide users' IP addresses - Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to ...
7 months ago Bleepingcomputer.com

Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
5 months ago Cysecurity.news

Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
5 months ago Bleepingcomputer.com

Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
7 months ago Arstechnica.com

New TetrisPhantom hackers steal data from secure USB drives on govt systems - A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. Secure USB drives store files in an encrypted part of the device and are used to safely ...
7 months ago Bleepingcomputer.com

Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
3 days ago Security.googleblog.com

Avast confirms it tagged Google app as malware on Android phones - Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. On affected devices, users were warned to immediately uninstall the Google app ...
7 months ago Bleepingcomputer.com

Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
4 months ago Go.theregister.com

Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
4 months ago Bleepingcomputer.com

Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
3 months ago Bleepingcomputer.com

Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
1 month ago Bleepingcomputer.com

CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
2 years ago

CVE-2024-38565 - In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for ...
1 week ago Tenable.com

User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
5 months ago Cysecurity.news

Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
7 months ago Bleepingcomputer.com

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
7 months ago Darkreading.com

Google Chrome's new cache change could boost performance - Google is introducing a significant change to Chrome's Back/Forward Cache behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. "Bfcache is an in-memory cache that stores a ...
7 months ago Bleepingcomputer.com

Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits - Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. It ...
6 months ago Cysecurity.news

Latest Cyber News

CVE-2024-4467 - 1 hour ago
CVE-2022-25480 - 2 hours ago
CVE-2022-25479 - 2 hours ago
CVE-2022-25478 - 2 hours ago
CVE-2022-25477 - 2 hours ago
CVE-2024-6387 - 2 hours ago
CVE-2022-25514 - 2 hours ago
CVE-2021-45364 - 2 hours ago
CVE-2017-20012 - 2 hours ago
CVE-2022-25517 - 2 hours ago
CVE-2021-43574 - 2 hours ago
CVE-2021-45952 - 2 hours ago
CVE-2024-6381 - 3 hours ago
CVE-2024-39894 - 3 hours ago
CVE-2024-39206 - 3 hours ago
CVE-2024-6341 - 3 hours ago
CVE-2024-39891 - 3 hours ago
CVE-2024-6382 - 3 hours ago
CVE-2021-40978 - 3 hours ago
CVE-2023-5038 - 3 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-6381 - 3 hours ago
CVE-2024-39894 - 3 hours ago
CVE-2024-39206 - 3 hours ago
CVE-2024-6341 - 3 hours ago
CVE-2024-39891 - 3 hours ago
CVE-2024-6382 - 3 hours ago
CVE-2022-25480 - 2 hours ago
CVE-2022-25479 - 2 hours ago
CVE-2022-25478 - 2 hours ago
CVE-2022-25477 - 2 hours ago
CVE-2024-25087 - 4 hours ago
CVE-2024-22106 - 4 hours ago
CVE-2024-25086 - 4 hours ago
CVE-2024-22105 - 4 hours ago
CVE-2024-5866 - 4 hours ago
CVE-2024-5865 - 4 hours ago
CVE-2024-4467 - 1 hour ago
CVE-2024-3826 - 4 hours ago
CVE-2024-39323 - 4 hours ago
CVE-2024-39316 - 4 hours ago