Author Topic: Google browser newtab insecure connections...  (Read 2107 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Google browser newtab insecure connections...
« on: January 12, 2020, 05:25:53 PM »
This is what I get on a new search page via https only -

Unique IDs about your web browsing habits have been insecurely sent to third parties.

195=c71jmkaox1byl8owjz73-g4wvqoXXXXXXXXXXXXXXXXXXXXXXXX3a5jilljyp09bdtj0ogdfbasworfyj8gqiaelkpaakuwchf7qvapelhfpsrjlrnpx-mgcil7a1scql6kivxmyyer2qjjaw6u02zuziy4zoqa2tdtXXXXXXXXXXXXXXXXXXXX7koaa2oaqpsi8ejxjwvrx_s08jyohkle9dghuvy805l9go
& -apis.google.com

Is this a phishing attack via some extension? I did reset the browser settings, and this did not cure it.

In the console I see:
Quote
local-ntp.html:1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
content.js:21 Uncaught TypeError: Illegal invocation: Function must be called on an object of type StorageArea
    at content.js:21
Also consider info here: https://securitytrails.com/list/apex_domain/ww1.sinaimg.cn.w.alikunlun.com  (Alibaba advertising)

Anyone,

polonus
« Last Edit: January 12, 2020, 06:34:56 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus
Re: Google browser newtab insecure connections...internal browser page
« Reply #1 on: January 12, 2020, 10:01:01 PM »
Seems there is 14% of tracking being blocked on: local-ntp.chrome-search-scheme
that is for -play.google.com as xmlhttprequest with 2 requests blocked
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT (-https://play.google.com/log?format=json&hasfast=true)
No ads and security threats found.
Other extensions meet with an unsupported uri-error there, so they have no access.

Also
Quote
"script-src 'report-sample' 'nonce-7aFDVgfk0JW5NVKIzgFdbA' 'unsafe-inline'".

window.console.error @ VM14:37
userscript.html?id=2e3eadc0-39e9-4512-bab0-1e350c99d118:2 EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'report-sample' 'nonce-7aFDVgfk0JW5NVKIzgFdbA' 'unsafe-inline'".

    at new Function (<anonymous>)
    at ka (<anonymous>:53:143)
    at Window.enhance [as setTimeout] (<anonymous>:57:66)
    at Window.tms_2e3eadc0_39e9_4512_bab0_1e350c99d118 (userscript.html?id=2e3eadc0-39e9-4512-bab0-1e350c99d118:763)
    at <anonymous>:3:75
    at userscript.html?id=2e3eadc0-39e9-4512-bab0-1e350c99d118:2
    at userscript.html?id=2e3eadc0-39e9-4512-bab0-1e350c99d118:3
    at Object.window.__u__15099292.697225481 (userscript.html?id=2e3eadc0-39e9-4512-bab0-1e350c99d118:764)
    at <anonymous>:3:75
3 requests from -apis.google.com connect unhindered, but there I blocked unencrypted requests with HTTPS Everywhere;
other tools do not work on an internal browser page.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
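Why the Content Security Policy quoted in Reply #1 refuses the userscript's `new Function` call, as an added example (not part of the original posts, and not Chrome's or any extension's code). It is a simplified reading of the CSP rules for `script-src`; the function names `parseCsp` and `analyzeScriptPolicy` are made up for this illustration, and only the policy string is taken from the thread.

```javascript
// Added example: report what a CSP permits for eval-like and inline script.
// parseCsp / analyzeScriptPolicy are hypothetical names for this illustration.

function parseCsp(policy) {
  // "directive src src; directive src" -> Map(directive name -> [sources])
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive that appears twice is ignored the second time.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function analyzeScriptPolicy(policy) {
  const directives = parseCsp(policy);
  // eval(), new Function() and string-argument setTimeout() are governed by
  // script-src, falling back to default-src when script-src is absent.
  const sources = directives.has('script-src')
    ? directives.get('script-src')
    : directives.get('default-src');
  if (sources === undefined) {
    // No governing directive: the policy does not restrict script at all.
    return { restricted: false, evalAllowed: true, inlineAllowed: true, nonceRequired: false };
  }
  // Lowercased only to match keywords; nonce values themselves are case-sensitive.
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  const strictDynamic = lower.includes("'strict-dynamic'");
  return {
    restricted: true,
    evalAllowed: lower.includes("'unsafe-eval'"),
    // 'unsafe-inline' is ignored once a nonce, a hash or 'strict-dynamic' is present.
    inlineAllowed: lower.includes("'unsafe-inline'") && !hasNonceOrHash && !strictDynamic,
    nonceRequired: hasNonceOrHash,
  };
}

// Policy string exactly as quoted in the console error in Reply #1.
const NTP_POLICY =
  "script-src 'report-sample' 'nonce-7aFDVgfk0JW5NVKIzgFdbA' 'unsafe-inline'";

console.log(analyzeScriptPolicy(NTP_POLICY));
```

For this policy the result is that eval-like calls are refused and inline script runs only with the matching nonce, which is consistent with the `EvalError` raised when the userscript wrapper calls `new Function`.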