To fight phishing, Google last year announced it would require users to enable JavaScript during Google Account sign-in so that it could run attack-detecting risk assessments, and this week, the company said it’ll begin to block all sign-ins from embedded browser frameworks like Chromium Embedded Framework starting in June. From a report: For the uninitiated, embedded browser frameworks enable developers to add basic web browsing functionality to their apps, and to use web languages like HTML, CSS, and JavaScript to create those apps’ interface (or portions of it). They’re typically cross-platform — Chromium Embedded Framework runs on Linux, Windows, and macOS — and they support a range of language bindings. With the change, Google is specifically targeting man in the middle (MITM) attacks, which it says are particularly difficult to spot from automation platforms like embedded browser frameworks.
of this story at Slashdot.
Source:: Slashdot