1. Cybersecurity >
  2. Cybersecurity Nachrichten >
  3. Chrome Caught Exempting Google Sites From User Requests To Delete Data

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Chrome Caught Exempting Google Sites From User Requests To Delete Data


IT Security Nachrichten vom | Direktlink: tech.slashdot.org Nachrichten Bewertung

This week the Verge reported: If you ask Chrome to delete all cookies and site data whenever you quit the browser, it's reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn't being removed for two sites in particular: Google and YouTube. This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, "local storage" data for Google.com and YouTube.com stuck around even after restarting the browser. We've been able to replicate similar behavior... The Register notes that Chrome's behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they're being careful by deleting their cookie and site data every time they close the browser. In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube's local storage data seems to successfully purge after a restart, although the data from Google.com still sticks around.

Read more of this story at Slashdot.

...
https://tech.slashdot.org/story/20/10/25/0155246/chrome-caught-exempting-google-sites-from-user-requests-to-delete-data?utm_source=rss1.0mainlinkanon&utm_medium=feed

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

Diving Deep Into a Pwn2Own Winning WebKit Bug

vom 384.56 Punkte ic_school_black_18dp
Pwn2Own Tokyo just completed, and it got me thinking about a WebKit bug used by the team of Fluoroacetate (Amat Cama and Richard Zhu) at this year’s Pwn2Own in Vancouver. It was a part of the chain that earned them $55,000 and was a nifty piece of

Announcing Entity Framework Core 5.0 Preview 4

vom 360.15 Punkte ic_school_black_18dp
Today we are excited to announce the fourth preview release of Entity Framework Core (EF Core) 5.0. The fourth previews of .NET 5 and ASP.NET Core 5.0 are also available now. Be sure to check out the full release of Blazor WebAssembly 3.2.0! Prerequisites The previews of EF Core 5.0 require .NET Standard 2.1. This means: EF Core 5.0 runs

ConstraintLayout 2.0.0 beta 7

vom 338.04 Punkte ic_school_black_18dp
We are happy to announce the release of ConstraintLayout 2.0 beta 7. It’s available from the google maven repository:dependencies {    implementation 'androidx.constraintlayout:constraintlayout:2.0.0-beta7'}or if using the android.support packages:dependencies {    implementation 'com.android.support.constraint:constraint

CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters

vom 326.97 Punkte ic_school_black_18dp
In April 2020, Microsoft released four Critical and two Important-rated patches to fix remote code execution bugs in Microsoft SharePoint. All these are deserialization bugs. Two came through the ZDI program from an anonymous researcher: CVE-2020-0931

Google Chrome bis 61 v8 HTML Page Use-After-Free Pufferüberlauf

vom 305.53 Punkte ic_school_black_18dp
In Google Chrome bis 61 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktion der Komponente v8. Durch Manipulation durch HTML Page kann eine Pufferüberlauf-Schwachstelle (Use-After-Free) ausgenutzt werden. CWE definiert das Pr

Google Chrome bis 61 v8 HTML Page erweiterte Rechte

vom 305.53 Punkte ic_school_black_18dp
Es wurde eine kritische Schwachstelle in Google Chrome bis 61 gefunden. Es betrifft eine unbekannte Funktion der Komponente v8. Durch die Manipulation durch HTML Page kann eine erweiterte Rechte-Schwachstelle ausgenutzt werden. Im Rahmen von CWE wurde

Announcing Entity Framework Core 5.0 Preview 2

vom 294.07 Punkte ic_school_black_18dp
Announcing Entity Framework Core 5.0 Preview 2 Today we are excited to announce the second preview release of EF Core 5.0. The second previews of .NET 5 and ASP.NET Core 5.0 are also available now. Prerequisites The previews of EF Core 5.0 require .NE

ConstraintLayout 2.0.0 beta 5

vom 287.92 Punkte ic_school_black_18dp
We are happy to announce the release of ConstraintLayout 2.0 beta 5. It’s available from the google maven repository:dependencies {    implementation 'androidx.constraintlayout:constraintlayout:2.0.0-beta5'}or if using the android.support packages:dependencies {    implementation 'com.android.support.constraint:constraint

ConstraintLayout 2.0.0 beta 2

vom 284.71 Punkte ic_school_black_18dp
We are happy to announce the release of ConstraintLayout 2.0 beta 2. It’s available from the google maven repository: dependencies {    implementation 'com.android.support.constraint:constraint-layout:2.0.0-beta2'} or if using the AndroidX packages: dependencies {    implementation 'androidx.con

Announcing Entity Framework Core 5.0 Preview 1

vom 265.8 Punkte ic_school_black_18dp
Today we are excited to announce the first preview release of EF Core 5.0. Prerequisites The previews of EF Core 5.0 require .NET Standard 2.1. This means: EF Core 5.0 runs on .NET Core 3.1; it does not require .NET 5. This may change in future previews de

CVE-2020-0729: Remote Code Execution Through .LNK Files

vom 259.53 Punkte ic_school_black_18dp
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, John Simpson and Pengsu Cheng of the Trend Micro Research Team detail a recent remote code execution bug in Microsoft Windows .LNK files. The following is a portion of

Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes

vom 254.31 Punkte ic_school_black_18dp
This is the second in our series of Top 5 interesting cases from 2019. Each of these bugs has some element that sets them apart from the more than 1,000 advisories released by the program this year. Today’s blog looks a local privilege escalation in t

Team Security Diskussion über Chrome Caught Exempting Google Sites From User Requests To Delete Data