Google Chrome is one of the most popular browsers in the market. But a new bug has been discovered in the browser which can allow the hackers to access the private data from the social networking site Facebook and Google and possibly from other sites as well. The new bug was discovered by the cyber security firm Imperva and the flaw will affect those who are not running the latest version of Chrome.
The new bug discovered has the ability to dig out the private data with the help of a process similar to the game 20 Questions where the responses can help to dig out the number of possible answers. The hackers can insert the audio and video HTML tags in the websites and take note of the responses that they receive on Chrome from the sites like Facebook.
However, the data itself cannot reveal the data directly but they could be asked a series of yes or no questions. When they are combines with the Facebook audience tools that enables the users to post content only to specific demographic groups, the response can help the hackers to calculate the personal details. The Imperva Security researcher Ron Masas said, “For example, a bad actor can create sizeable Facebook posts for each possible age, using the Audience Restriction option, making Facebook reflect the user age through the response size”. Masas added, “The same method can be used to extract the user gender, likes, and many other user properties we were able to reflect through crafted posts or Facebook’s Graph Search endpoints.”
The attacks can be even more serious when running on a site that requires email registration like some of the online shopping sites. Masas also said that in such a case the above practices can allow the bad actor to correlate to the private data with the login email addresses for even more extensive and intrusive profiling. Google has now released a patch to fix the bug in the latest version 68 that was released in July, 2018.
Photo Credits: Android Authority