Google bans logins from embedded browser frameworks to prevent MitM phishing


Google announced today a security update for the Google user login system that the company hopes will improve its overall security protections against MitM-based phishing attacks.

According to Jonathan Skelker, Product Manager and Account Security for Google, the company plans to block any user login attempts initiated from an embedded browser framework technology.

This includes any logins attempted from tools like the Chromium Embedded Framework (CEF), XULRunner, and others.

Embedded browser frameworks abused for MitM phishing

Over the past year, cyber-criminals have been using these tools as part of man-in-the-middle (MitM) attacks.

Crooks that manage to place themselves in a position to intercept the user’s web traffic for the Google login page will often use an embedded browser framework to automate the login operation.

The user enters their Google login credentials on a phishing page, and then the crooks operating the page use an embedded browser framework to automate the login operation on the real Google server.

They use this technique to bypass two-factor authentication systems, and embedded browser frameworks are usually the component that interacts with Google servers on the cyber-criminal’s behalf.

Google can’t tell embedded browsers from real users

“Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June,” Skelker said.

This is just the latest security update Google has rolled out for its user login system.

Last October, the company banned any login attempts from browsers where JavaScript was disabled. In June 2016, Google banned any login attempts initiated from embedded browsers such as WebView.

As for the developers who will now have to rip out embedded browser frameworks like CEF from their apps, Google is recommending that they use browser-based OAuth authentication instead, a solution that isn’t prone to phishing attacks.

“Aside from being secure, it also enables users to see the full URL of the page where they are entering their credentials, reinforcing good anti-phishing practices,” Skelker said. “If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today.”
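The app side of the browser-based OAuth flow recommended above, as an added example that is not from Google or the original article: the app builds an authorization URL to open in the user's default browser and validates the callback it receives, so credentials are only ever typed into the real browser. The client ID, the port and the `/callback` path are placeholders, and the use of PKCE (RFC 7636) with a loopback redirect (RFC 8252) is an assumption about how a native app would implement it.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "EXAMPLE-CLIENT-ID.apps.googleusercontent.com"  # placeholder value


def make_pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, method S256."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_auth_request(port, scope="openid email"):
    """Build the URL to hand to the system browser (e.g. webbrowser.open),
    plus the state and PKCE verifier, which stay inside the app."""
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(32)
    redirect_uri = f"http://127.0.0.1:{port}/callback"  # loopback redirect
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTH_ENDPOINT}?{query}", state, verifier, redirect_uri


def parse_callback(callback_url, expected_state):
    """Return the authorization code; reject errors and a mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    got_state = params.get("state", [""])[0]
    if not secrets.compare_digest(got_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not match our request")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]
```

The returned code is then exchanged at the token endpoint together with the stored verifier, so a code intercepted by another party cannot be redeemed without it.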
