Category Archives: Chrome

Microsoft Is Embracing Chromium, Bringing Edge To Windows 7, Windows 8, and Mac

An anonymous reader writes: Microsoft today embraced Google's Chromium open source project for Edge development on the desktop. The company also announced Edge is coming to all supported versions of Windows and to macOS. Microsoft wants to make some big changes, which it says will happen "over the next year or so." The first preview builds of the Chromium-powered Edge will arrive in early 2019, according to Microsoft. And yes, this means Chrome extension support.

Read more of this story at Slashdot.

Chrome 71 is out, with several security changes

Google has released Chrome 71 for Windows, Mac, Linux and Android. The newest version of the popular browser comes with 43 security fixes and many new features, including several ones that aim to help users avoid security pitfalls. Changes improving user security As announced in November, when attempting to visit pages that try to trick them into signing up for mobile-based subscription services users will be explicitly warned about the danger through a pop-up alert: … More

The post Chrome 71 is out, with several security changes appeared first on Help Net Security.

Google Developer Says Chrome Team is Working on a Scrollable Tabstrip For the Browser

If you're a tab-hoarder, and you use Chrome browser, Google may have some news for you soon. The company is working on a scrollable tabstrip to make it easier for users to navigate through tabs, a developer was quoted as saying. Peter Casting, who works on Chrome UI, said, "scrollable tabstrip is in the works. In the meantime, try shift-clicking and ctrl-clicking to select multiple tabs at once, then drag out to separate Windows to group tabs by Window." TechDows, which first reported the development: We're expecting this as the related bug, the 'UI: tab overflow' bug created 10 years back, reports opening too many tabs causes add tab button (+) to disappear and tabs do not scroll then, the expected result has been mentioned as 'scrollable tabs.'

Read more of this story at Slashdot.

Microsoft, Google and Qualcomm Working On Chrome For Windows On ARM

Microsoft and Google engineers appear to be working on a Chrome browser running on Windows on ARM. "9to5Google has spotted various commits by Microsoft engineers assisting with the development of Chrome for Windows 10 on ARM," reports The Verge. "The details follow claims by a Qualcomm executive last month that the chip maker was working on an ARM version of Chrome for Windows 10." From the report: A native ARM version of Chrome would make a lot of sense for Qualcomm, Microsoft, and Google. Chrome is one of the most popular desktop apps available on Windows 10, and without a native version for ARM it's difficult to take ARM-powered Windows 10 devices seriously for many. However, it was only last year that Microsoft pulled Google's Chrome installer from the Windows Store, because it violated store policies. Those policies restrict rival browsers to using Microsoft's own Edge rendering engine, specifically that "products that browse the web must use the appropriate HTML and JavaScript engines provided by the Windows Platform." Microsoft also blocked similar browser apps for Windows 8. Unless Microsoft relaxes its rules then this native Chrome support for Windows on ARM won't be found in the Windows Store. Microsoft and Google's work could still help improve performance for Electron-based apps like Slack and Visual Studio Code which rely on parts of Chromium.

Read more of this story at Slashdot.

Browlock flies under the radar with complete obfuscation

Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users. In fact, the effects can be so convincing that people call the rogue Microsoft support number for help because they believe their computer has been hijacked.

Crooks are constantly trying out new tricks to defeat modern browsers and evade detection. Recently we’ve seen the “evil cursor” that prevents you from closing the fake alert, and the fake virus download that insinuates your computer is already infected. This time, we look at how browser locker pages use encoding to bypass signature-based detection.

Encoding and other obfuscation types

The use of Base64 or hex encoding to hide malicious scripts is as old as the moon. Malware authors have been relying on those to make identification of malicious code much more difficult for both human eyes and scanners.

Tech support scammers have been no stranger to leveraging obfuscation within their browser locker templates. For instance, by using this hexadecimal encoding below, the crooks can mask the fake warning message from prying eyes:

However, browsers can read and decode the hex encoded content and display it to the user as the following (fake) alert:

*************************************************
RDN/YahLover.worm!055BCCAC9FEC Infection
*************************************************

Not all tech support scam browlocks use obfuscation, but over the years it has become more common to see parts of the code being hidden. What we haven’t really seen is complete encoding of the browlock page such that almost no artifacts are present.

Soup to nuts encoding

We recently came upon a browlock template reported on Reddit that has taken encoding to a whole new level, on top of using the aforementioned unpatched, existing techniques. Its source code page is beautifully simple and yet effective:

We can see two JavaScript libraries that are being retrieved. One is called Zepto.js, which according to its author is “a minimalist JavaScript library for modern browsers with a largely jQuery-compatible API.” The more interesting library is this base64.min.js file, which gets Base64 encoded content and decodes it on the fly. Note how this data is not loaded from the main page but rather from a following GET request:

There is no denying that crooks are once again trying to play cat and mouse with defenders. Perhaps as a tongue-in-cheek gesture, they even created a bogus Google Analytics tracker ID: gtag(‘config’, ‘UA-8888888-x’), in addition to using the maps-google[.]us Google look-alike domain.

For end users, it is important to remember that no matter how scary a warning looks or even sounds, the best course of action is to remain calm and take the time to check on it before overreacting and dialing a scammer’s hot line. These browlocks are not causing any damage to the computer and can be closed one way or another. The more annoying ones still require using the Task Manager to kill the offending process, which is why we hope browser vendors take these issues seriously to restore power to the user. But otherwise, taking time to investigate does no harm, no foul.

Malwarebytes Browser Extension is not fooled by this obfuscation trick and already protects users from this browlock.

The post Browlock flies under the radar with complete obfuscation appeared first on Malwarebytes Labs.