Latest in Gear

Image credit: SIPA USA/PA Images

Google will block embedded browser log-ins to fight phishing

Embedded browser log-ins are prone to man-in-the-middle attacks, after all.
497 Shares
Share
Tweet
Share
Save

Sponsored Links

SIPA USA/PA Images

Embedded browsers within apps can be useful if you want to use an existing account from another service -- say, your Gmail log-in -- to access their features. However, they're also really easy to weaponize for man-in-the-middle types of phishing attacks. Since Google can't differentiate between a legitimate log-in and a phishing attempt through a browser from within an application, it's blocking sign-ins from all embedded browser frameworks starting in June.

Bad actors can exploit embedded browsers, such as Chromium Embedded Framework, by intercepting communications between the user and providers like Google. The method gives them a way to steal log-in credentials, sometimes even multi-factor authentication details, in real time. Google has been implementing more security measures around log-ins in recent months in an effort to protect users' details. In late 2018, for instance, it launched a risk-assessment feature that requires JavaScript to be able to sign into your account.

In the near future, you'll find yourself getting switched to Chrome, Safari, Firefox or other mobile browsers when you have to sign in to access an application. The tech giant is advising developers to switch to browser-based OAuth authentication, which shows the URL of the page you're on and could, in turn, help you avoid phishing attacks.

Via: 9to5google
In this article: gear, google, internet, log-ins, mobile
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
497 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Sony says the PlayStation 5 won't waste as much energy as the PS4

Sony says the PlayStation 5 won't waste as much energy as the PS4

View
Google vows to never store Assistant recordings without permission

Google vows to never store Assistant recordings without permission

View
24 hours with Huawei’s Mate 30 Pro: Incredible cameras, gloomy future

24 hours with Huawei’s Mate 30 Pro: Incredible cameras, gloomy future

View
YouTube Music counters Spotify with its own 'Discover Mix'

YouTube Music counters Spotify with its own 'Discover Mix'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr