SECURITY WARNINGS & Notices - Please post them here

[polonus]

Hi essexboy,

You might have a point there. I think it is because the browser became more and more popular. Google Chrome wants too much too soon and within a short time. Marketing dictates and security may give out at a certain moment.
Lately I saw someone could circumvent my google +  account security and I had to block some strange entity that wanted to be added to my acquaintances.

It is dangerous to use Password Managers now inside Google Chrome and that one user model for all Google services is certainly making the attack surface of the client larger and larger. Their bringing in "https-only" will also benefit malcreants' encryption and circumvention (for malvertisers and other cybercriminals), while not every https website is up to those security standards yet to securily run inside Google Chrome.

Besides the normal user with a simple only txt info website format will become an endangered species and implementation of SSL and certification could be a costly exercise for non-commercial websites, so we will finally land there where they were aiming at that is at a situation where we can only welcome big(ger) commercial websites and we might lose the Interwebs for everyone and all else (bloggers, alternative info sites, etc. etc.). When my prediction will come through, do not say in the aftermath that I did not warn in advance for what is about to materialize....  or all will adopt a more secure HTTPS protocol. Then there is still a lot of work to be done. We will see where it leads.

Here the situation on SSL as it presents itself to-day from SSL-Pulse: https://www.trustworthyinternet.org/ssl-pulse/
Over 114.000 site with inadequate security. Only 22.1% was found to be secure!

polonus

[SpeedyPC]

Definitely time to leave Chrome for something more secure

That is why I choose Firefox because it give me more control and secure than Chrome, and I've heard most people prefer Firefox with a much better option and they always keeps the browser software up to date all the time.

[Cast]

Back when firefox was on 3.x I wasnt too fond of it because I found it to be clunky and slow compared to Chrome but since its more recent releases a lot has changed.

[Asyn]

Definitely time to leave Chrome for something more secure

Agreed.

[DavidR]

Definitely time to leave Chrome for something more secure

Should avast! now be considering offering Chrome, not just offering it but having it as an opt-out option.

[REDACTED]

Definitely time to leave Chrome for something more secure

Should avast! now be considering offering Chrome, not just offering it but having it as an opt-out option.

+1 Good question.

[bob3160]

Definitely time to leave Chrome for something more secure

Agreed.

Chrome isn't any less secure than it was before the tool that was cracked ever came into existence.
It was a tool designed to make phishing exploits less likely.
I think someone is jumping the gun

[essexboy]

Unfortunately Chrome has now become very easy to subvert, so far about 60% of the infections that I handle on Chrome necessitate  a full uninstall/re-install to cure the problem.  As malware is now using the same ID as google store chrome apps.  The only way to determine if it is legitimate is to do a file by file scan, however, where the normal number of extensions is about 10 then the files to be looked at are just to much to realistically expect any one to look at.  So remove it all and re-install is the quickest option.  The problem is increasing and not reducing 

[polonus]

Well this extension might help: chrome-extension://lkakdehcmmnojcdalpkfgmhphnicaonm/options.html
Extension Defender
Scan your installed extensions for adware, malware, or tracking extensions.

Mine are all genuine and above board - Google should do some cleansing again.

But I agree we see loads of these uninstall-reinstall routines performed by esseboy because of Google Chrome compromittal.
That browser needs hardening. And because of the all Google services integration the browser has become more and more vulnerable. Marketing as a first priority and user security as a last resort issue. 

polonus

[Para-Noid]

Tech Support Scam Source Code Found on GitHub

https://blog.malwarebytes.org/fraud-scam/2015/05/tech-support-scam-source-code-found-on-github/?utm_source=Gplus&utm_medium=social

[bob3160]

So we are talking about installing unsafe add-ons. The same problem we had not long ago in Firefox.
It's the add ons that are the problem and maybe folks need to be careful what they add to their browser regardless of the browser they use.

[essexboy]

Unfortunately the fake ones are available in the chrome store, currently helping some one with this problem  and having cleaned him up once he downloaded an adblocker from chrome store.... now re-infected

In Chrome settings there is a message at the top:
"Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults. Learn more"  and if you click on extensions, get more extensions, the chrome plug in/ app strore still has a mixture of bogus, and I think, genuine plug-ins listed.  E.g. BetaFish AdBlocker comes up if you search for ad blocker, and googling that it looks like it is genuine, but above it is a fake adblocker app where the listing is all ungrammatcal, e.g.: "Uses more than 50 million people, free for chrome that blocks all ads and pests is an ad blocker"

[polonus]

Hi bob3160,

That is exactly the problem that Google needs to adjust. They need to cleanse shop from junkware that will compromise the Google Chrome Browser settings beyond repair. Junkware remover does a good job of finding this malcode initially, but Google has to keep these criminals out of their install store.
Read here: http://tech.slashdot.org/story/15/04/09/2043226/google-is-too-slow-at-clearing-junkware-from-the-chrome-extension-store

Damian

P.S. Some page capturing extensions were spying on users and I had to change mine for FireShot.
Read: http://betanews.com/2015/04/08/google-is-too-slow-at-clearing-crap-from-the-chrome-extension-store/
Quote:

Google is quick to point out that malicious ad injectors are not specific to Chrome -- they can also be found in Firefox and Internet Explorer. The company says: "We don’t ban injectors altogether -- if they want to, people can still choose to install injectors that clearly disclose what they do -- but injectors that sneak ads into a user’s browser would certainly violate our policies".

[bob3160]

Chrome may not be my default browser but, I do use it. I'm also quite certain that the extensions installed on both chrome and Firefox are equally safe.
It is still the user that needs to be educated and, that has always been the problem with almost all compromises.

[polonus]

Hi bob3160,

Browsing "in the nude" as FwF puts this so eloquently, has always been a problem and creates problems as well. Users need to check their browser extensions and plug-ins, their clicks, use some form of in-browser protection, like an adblocker, script blocker, and check on all things they thoughtlessly may install. I am also out on Google Chrome (in sandboxie) but I haven't encountered any problem yet, but there are certain places and clicks I will shun. When I do not know where I am heading, I perform a decent pre-scan and my downloads enter a Metascan online pre-scan first (I will survive the couple of extra secs this costs and I know "my OS and browser will thank me for this").

polonus