Google to block sign-ins from embedded browser frameworks to counter Man In The Middle phishing attacks

After announcing a slew of security features for G-suite, the company is now introducing a new change that is aimed at curbing Man In The Middle (MITM) phishing attacks. Adding a layer of protection to user sign-ins, the company will block logins that are done via embedded browser frameworks starting June this year. Google says it becomes difficult to detect whether it is an authentic sign-in by a user or a MITM phishing attack when embedded browser framework or when another automation platform is being used for authentication. Therefore, to help enhance user safety, it will block any sign-ins that occur via embedded browser frameworks.  

The new feature will add to the existing countermeasures Google has set in place like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges. One might have noticed a warning message showing up before visiting a dubious site or downloading an app that could be harmful. This is the Safe browsing feature that Google has in place to counter instances of malware or dubious scripts being installed on a user’s computer. Google could also soon add new features that disable sites from detecting users who are browsing in Incognito mode. 

While going Incognito while browsing the web takes care of cookies and some trackers, it is not a fool-proof method to remain anonymous online. some sites can detect when a user is browsing in incognito mode and track them to display subscription options or to register. However, Google is reportedly testing implementation of a Filesystem API flag in Chrome’s incognito mode with version 75 that is said to curb sites from following users who are in incognito mode. The API flag can be enabled by entering chrome://flags in the URL and finding the “Filesystem API in Incognito” flag. You can read more about this feature here. 

from Latest Technology News http://bit.ly/2UxDC1l