Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

11/10/2017
11:40 AM
50%
50%

Google Updates Chrome to Prevent Unwanted Content, Redirects

Changes to Google Chrome aim to prevent users from being redirected to unexpected websites and unwanted content.

Google is updating its Chrome browser to protect users from redirection to unexpected websites and unwanted content, the company announced this week.

The next few releases of Chrome will contain three new protections.

According to Google, one in every five desktop users encounter unwanted content. Many users  unexpectedly navigate to a new Web page, often the result of embedded third-party content. In Chrome 64, all redirects from third-party iframe will show a sidebar of information instead of redirecting - unless the user had been interacting with that frame.

Similarly, sometimes users click on a desired destination, which opens in a new tab, but the main window navigates to an unwanted page. In Chrome 65, this behavior will trigger an infobar and prevent the main tab from redirecting and circumventing Chrome's pop-up blocker.

Other redirects are harder to detect; for example, when links to third-party sites are disguised as play buttons or other website controls. In early January, Chrome will update its pop-up blocker to prevent these sites from opening new windows or tabs.

Read more details here.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13545
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
CVE-2019-13541
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.
CVE-2019-17367
PUBLISHED: 2019-10-18
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
CVE-2019-17393
PUBLISHED: 2019-10-18
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and pa...
CVE-2019-17526
PUBLISHED: 2019-10-18
** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').pop...