logo
episode-header-image
Mar 2023
15m 33s

New exploits are tricking Chrome. [Resea...

N2K Networks
About this episode

Dor Zvi, Co-Founder and CEO from Red Access to discuss their work on "New Chrome Exploit Lets Attackers Completely Disable Browser Extensions." A recently patched exploit is tricking Chrome browsers on all popular OSs to not only give attackers visibility of their targets’ browser extensions, but also the ability to disable all of those extensions.

The research states the exploit consists of a bookmarklet exploit that allows threat actors to selectively force-disable Chrome extensions using a handy graphical user interface making Chrome mistakenly identify it as a legitimate request from the Chrome Web Store.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next
Yesterday
Behind the firewall, trouble brews.
Fortinet patches a critical flaw in its FortiWeb web application firewall. Hackers are exploiting a critical vulnerability in Wing FTP Server. U.S. Cyber Command’s fiscal 2026 budget includes a new AI project. Czechia’s cybersecurity agency has issued a formal warning about Chine ... Show More
31m 49s
Jul 10
Cybercrime has a hefty price tag.
UK police make multiple arrests in the retail cyberattack case. French authorities arrest a Russian basketball player at the request of the U.S. A German court declares open season on Meta’s tracking pixels. The European Union unveils new rules to regulate artificial intelligence ... Show More
35m 48s
Jul 9
Plug-ins gone rogue.
Patch Tuesday. An Iranian ransomware group puts a premium on U.S. and Israeli targets. Batavia spyware targets Russia’s industrial sector. HHS fines a Texas Behavioral Health firm for failed risk analysis. The Anatsa banking trojan targets financial institutions in the U.S. and C ... Show More
29m 52s
Recommended Episodes
Apr 2024
Chrome bientôt en version payante ?
Google vient d’annoncer qu’une version payante de son célèbre navigateur Chrome verra le jour d’ici peu. Mais ne vous inquiétez pas, cela ne vous concerne pas… du moins pas encore. Car ce Chrome payant sera essentiellement réservé aux professionnels, d’où son nom assez clair : Ch ... Show More
2 m
Feb 2023
SE Radio 552: Matt Frisbie on Browser Extensions
Matt Frisbie, author of Building Browser Extensions, speaks with host Kanchan Shringi about browser extensions, including key areas where they've been successful. Based on Matt’s experience as a developer working for Google, Doordash, and a startup he founded, they examine tools ... Show More
1h 3m
Sep 2021
Spook.js - This will bloat Chrome even more | The Backend Engineering Show
Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases. Res ... Show More
18m 5s
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
(Originally aired on YouTube on May 30, 2018) Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challenge of making your organization aware of these risks, and how they could be explo ... Show More
12m 32s
Sep 2023
Google Chrome gets a makeover
Google Chrome gets a visual makeover; SoundCloud’s TikTok-styled discovery feed is rolling out to everyone; eBay is rolling out a new AI tool for marketplace sellers that can generate a product listing from a single photo Learn more about your ad choices. Visit megaphone.fm/adcho ... Show More
7m 32s
Dec 2017
The browser wars return with new Firefox Quantum
Ready to ditch Chrome or Safari for the latest Firefox browser, promising faster website loads? Jascha Kaykas Wolff from Mozilla joins Jefferson Graham on #TalkingTech to explain. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/p ... Show More
6m 51s
Mar 2021
Chrome 90 will start communicating in HTTPS (port 443) by Default - Let us discuss
For the longest time, all browsers will always use HTTP in schemeless URLs (when HTTP or HTTPS is not specified). Chrome is flipping this with version 90   Chapters *  HTTPS by Default 0:00 * What happens Today 1:00 * What will happen in Chrome 90 4:00 * HSTS? 6:20 * is HTTPS eve ... Show More
12m 33s
Listen to millions of songs and podcasts on Anghami