loader gif

Google bans logins from embedded browser frameworks to prevent MitM phishing

Google bans logins from embedded browser frameworks to prevent MitM phishing (Computer, Internet Security)

Google announced today a security update for the Google user login system that the company hopes will improve its overall security protections against MitM-based phishing attacks. According to Jonathan Skelker, Product Manager and Account Security for Google, the company plans to block any user login attempts initiated from an embedded browser framework technology. Crooks that manage to place themselves in a position to intercept the user's web traffic for the Google login page will often use an embedded browser framework to automate the login operation. The user enters their Google login credentials on a phishing page, and then the crooks operating the page use an embedded browser framework to automate the login operation on the real Google server. In June 2016, Google banned any login attempts initiated from embedded browsers such as WebView. As for the developers who will now have to rip out embedded browser frameworks like CEF from their apps, Google is recommending that they use browser-based OAuth authentication instead --a solution that isn't prone to phishing attacks.

loader gif