A new bug on the Google Chrome browser allows hackers to access your private data from Facebook and Google , and possibly other sites as well.
Uncovered by cyber security firm Imperva, the security flaw affects those who are not running the latest version of Chrome.
The bug is able to mine private data using a process similar to the game ’20 Questions’, where responses can help to whittle down the number of possible answers.
Hackers can insert audio and video HTML tags into websites and take note of the response Chrome receives from sites like Facebook.
While the responses themselves wouldn’t directly reveal any data, they could be used to ‘ask’ a series of yes or no questions.
When combined with a feature like Facebook’s audience tools, which enable users to post content only to specific demographic groups, the response could help hackers to work out personal details.
"For example, a bad actor can create sizeable Facebook posts for each possible age, using the Audience Restriction option, making Facebook reflect the user age through the response size," said Imperva security researcher Ron Masas.
"The same method can be used to extract the user gender, likes, and many other user properties we were able to reflect through crafted posts or Facebook’s Graph Search endpoints."
Attacks could be even more serious when running on a site that requires email registration, such as online shopping sites.
"In this case, the above-mentioned practices would allow the bad actor to correlate the private data with the login email address for even more extensive and intrusive profiling," said Masas.
The vulnerability affects all browsers that are based on the Blink engine, which includes Chrome.
The problem is potentially widespread as currently, nearly 60% of online users opt for the Chrome browser.
After Imperva reported the bug to Google, the tech giant released a patch to fix the bug in the latest version of Chrome 68, which was released in July.
However, that still leaves users of older versions of Chrome vulnerable to hackers.
The expert is advice it to make sure you’re running the latest version of Chrome.
How to update Chrome on computer
On your computer, open Chrome.
At the top right, click More (the icon made up of three dots, to the right of the
Click Update Google Chrome. If you don’t see this button, you’re on the latest version.
Click Relaunch.
How to update Chrome on Android
On your Android phone or tablet, open the Play Store app.
At the top left, tap Menu > My apps & games. Apps with available updates are listed under "Updates."
Under "Updates," look for Chrome.
If Chrome is listed, tap Update.
How to update Chrome on iPhone and iPad
On your iPhone or iPad, open the App Store.
At the bottom, tap Updates.
In the pending updates, look for Chrome .
If Chrome is listed, tap Update to install.
If asked, enter your Apple ID password. The updates will download and install.
Source: Read Full Article