To all Google Chrome users out there, here comes an alert to update your browsers now. Researchers have discovered a Google Chrome bug that could allow attackers to steal information such as age, gender and anything that might appear on a social media profile. The only protection against this glitch is to update your browsers ASAP.
Google Chrome Bug Lets Hackers Sneak Into Your Facebook
Recently, Imperva has discovered a vulnerability in the Google Chrome browser that allows potential hackers to steal your data. Precisely, this Google Chrome bug involves exploitation of Audio or Video HTML tags through which attackers can snoop into your social media profiles, such as Facebook.
Researchers have identified Chrome’s Blink web engine as the source of the bug. Through this bug, the attackers could start a “guessing game” to steal information from your Facebook profiles.
While explaining the discovery, Ron Masas, researcher at Imperva, writes in his blog,
“The bug in question makes use of the Audio/Video HTML tags to generate requests to a target resource. By monitoring the progress events generated by these requests, it grants visibility into the requested resource’s actual size. As we found out, this information can then be used to “ask” a series of yes and no questions about the browser user, by abusing filtering functions available on social media platforms like Facebook.”
This can be achieved by injecting malicious audio and video tags into a website. Then, the attackers could entice the user to visit the site. If the victim has Facebook also open in a tab at the same time while visiting the attacker’s site, things become much easier for the malefactor.
“When a user visits the bad-actor site, the site injects multiple hidden video or audio tags that request a number Facebook posts the attacker previously published and restricted using different techniques. The attacker can then analyze each request to indicate, for example, the user’s exact age, as it’s saved on Facebook, regardless of their privacy settings.”
The stolen information can include everything present on your profile, including your age, gender, location, likes, and other details.
Need Solutions? Update To Chrome 68!
Reportedly, this bug affects all Chrome users globally, except those running the latest Chrome 68 version. After the discovery of the bug, researchers quickly informed Google, after which Google patched the bug in its latest version, Chrome 68. If you already have the updated version running into your system (like me), then you’re safe.
To check your Chrome version, simply click on the three vertical dots appearing on the top right of your browser screen. You will see a “Help” option towards the end of the drop-down menu. Hover your mouse on it and click on “About Google Chrome”. You will see the browser details in the new window.
Latest posts by Abeerah Hashim (see all)
- HackerOne Awarded $3500 In Bounties For Two Vulnerabilities Affecting The Platform - November 11, 2019
- DHS Alerts About Multiple Vulnerabilities In Medtronic Valleylab Equipment - November 11, 2019
- Apple Mail On MacOS Stores Parts Of Encrypted Emails In Unencrypted Form - November 11, 2019