Google has announced an update to its Chrome web browser that blocks notifications intended to threaten users’ online security. While this isn’t the most popular issue, it’s something the browser is right to resolve, as these kinds of attacks can be difficult to detect by the average user. The update has been in the testing stages for months and has now reached the later stages of the process, so it should be on most Chrome users’ PCs soon.
These harmful notifications can be filed as phishing scams. Phishing is one of the most common ways to conduct a cyberattack, but it’s also hard to notice, by design. The idea is an attacker will find a way to convince a user that engaging with its software is safe. This is most often done in the form of showing the user a fake website that appears to be a real one and requesting the user logs in. That then gives the attacker the person’s login information and sets them up for other forms of security breaches.
In the case of this particular phishing cyber attack, rather than prompt a user with a website, the offending party is getting people to agree to false notifications. Chrome version 84.0.4147.89 is updating the platform to curb the effectiveness of these notifications, according to the Chrome developer blog. Its terminology, saying that the update has been released to the “stable channel”, means it’s in the newest Chrome update. Chrome allows users to run the browser in various testing forms – Canary, beta, and Dev, – with the hope that the finished version will make its way up to the stable channel. Stable is basically what the typical Chrome user is running, so all of this means the update will be on your desktop’s version of Chrome within a few weeks if it’s not there already.
How the Cyber Attacks Used Chrome Notifications
Anyone using a web browser in the last two years will have noticed many sites now pop up a dialog box asking if it’s okay for the site to either send desktop or phone notifications or share location data. It’s that tiny pop-up to which your options for a reply are usually “Allow” or “Block”. Granting these permissions will give a site access to your desktop so the sites can then send the desired notifications. This is usually a good thing, but in this type of attack, the permissions you’re giving allow enough access for malware to be installed on your computer, or data to be stolen. To combat this, the new Chrome update puts known abusive notifications in “quiet” mode and informs the user that a site may be trying to scam them before they can click Allow.
