Close Menu
    Facebook X (Twitter) Instagram
    Nintendo-Power
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Nintendo-Power
    Home»Top News»Are insecure downloads infiltrating your Chrome browser?
    Top News

    Are insecure downloads infiltrating your Chrome browser?

    Beatrice AshfordBy Beatrice AshfordOctober 21, 2020No Comments6 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Are Insecure Downloads Infiltrating Your Chrome Browser?
    Share
    Facebook Twitter LinkedIn Pinterest Email

    For all the people complaining about the insecurity of the internet, it is a little safer than it once was. Large adoption of the HDTPS standard means that Internet traffic is often encrypted, providing high quality protection against eavesdropping and human medium attacks.

    In 2018, 50 percent of websites Was the first to use HTTPS security. This number continues to grow, with 96 (representing a sum) of the top 100 best sites on Google A quarter of all web traffic) Default for HTTPS.

    Unfortunately, HTTPS is far from iron clad protection. It encrypts your connection, but does not examine encrypted traffic. This means that your (supposedly) secure connection is fully capable of delivering malware and phishing sites could easily fool people by displaying a secure lock icon to the left of their URL. (Also read: How to Avoid Being Fishy in 2020.)

    Decopedia - Where IT and Business Meet

    Technology is moving fast! Stay ahead of the curve with Decopedia!

    Join the nearly 200,000 subscribers who will receive operational technical insights from Decopedia.

    Over Half of the phishing sites Use HTTPS now, a new study shows Nearly 70 percent are malware Provided via an HTTPS connection.

    Much of this malware distribution takes place through the HTTPS loophole known as “mixed content download”. In this type of attack, you are visiting a protected website with the familiar HTTPS lock icon.

    However, if you download something from the site, it may come from an insecure address or even from a secure address that can host malware. As a result, the content you download from the site is vulnerable to malware.

    From an accidental injury to malicious exploitation

    Mixed content downloads have evolved. You will see mixed content downloads if a developer makes a mistake. Web applications are increasingly complex, so while this kind of incompatibility is unfortunate, it is not hard to imagine.

    If mixed content downloads occur via developer error, the download itself does not pose a high risk (at least compared to everything else on the Internet). Great harm if the developer accidentally creates a source for download that is already contaminated with malware (such as infected PDF) or if the attacker obtains developer credentials and does the same.

    However, the primary location where you see mixed-resource downloads is not the developer error. (Also read: Cyber ​​Security and Infrastructure: Current Trends and Future Improvements.)

    Attackers are increasingly creating phishing sites that use the HDTPS standard and then execute mixed-resource downloads themselves. Since ordinary users do not know exactly what HTTPS is, they will never suspect that a website that uses a lock icon may still phishe their credentials or try to infect their computer.

    Is Google Enough to Prevent Mixed Content Downloads?

    Google is well aware of the problem of mixed content downloads, but it is moving very slowly. In Chrome82 Build, Google has added popup alerts to users if they initiate unsafe downloads on a secure site. They will gradually eliminate mixed content downloads in future developments.

    Creation of Chrome in August 2020 blocked all downloads except images, audio, video and text. By October 2020, mixed content downloads were completely banned.

    Such an extended timeline gives regular developers a lot of time to pull insecure download links and keep them secure – but it also gives a lot of time for bad actors to act. It is also a good idea to warn users when downloading unsafe resources, but Up to 33 percent Click through these alerts when users appear.

    Finally, these security measures will close a path for insecure downloads, while opening up many more. Attackers can still load malicious resources on secure download links because there is no way to tell Chrome that these resources are legitimate.

    While developers are busy converting their mixed content links to HTTPS links, attackers are busy doing the same.

    Mixed content is a glare tool for Chrome vulnerabilities

    There are a number of ways attackers can use Chrome to turn malicious content into legitimate resources. Chrome extensions, for example, are software applets designed to extend functionality Browser, can often be used maliciously.

    All extensions are advertised through the Chrome Web Store, It should automatically check for extensions for malicious content. These are extensions In other words, it provided a legitimate air. Attackers use this legitimacy to cause problems. Google was removed on this writing day (June 18, 2020) 100 malicious extensions Designed to fool security checks, take screen shots of the browser, monitor users’ keystrokes, and more. Overall, these extensions were downloaded by nearly 33 million people.

    This is not an isolated incident. In 2019, 1.5 million people Downloaded a couple of apps disguised as popular ad-blocking extensions. However, instead of blocking ads, applications load malicious tracking cookies into users’ computers.

    About a year ago, another Chrome extension was discovered as part of a botnet that infected websites with cryptocurrency code. (Also read: How cryptocurrency malware dominates cyber security.)

    The point is, even though Chrome is said to be a secure main browser (which is not a false claim — it is definitely safe), it is a security relative. In some ways, Chrome’s reputation for security works against it. Because users think Chrome is safe, they often think it’s more secure than any browser.

    Browsers require additional security infrastructure

    Basically, attackers are very clever to keep any browser really safe, and the amount of security awareness training does not teach every user to avoid phishing sites – especially when those phishing sites are protected by HTTPS, which seems very reasonable.

    If you can not trust your browser, you should watch Zero Trust Solutions. These are security tools designed so that no user or utility is taken for granted – they are all compromised.

    In this case, remote browser isolation (RBI) is the best tool to use for increased browser security. (Also read: The first 6 qualities to look for in a browser isolation solution.)

    In this setting, the browser is housed inside the DMZ or in a secure container in the cloud, which streams fully interactive content to the user’s endpoint. Because the browser is isolated, malicious downloads and extensions will never end up on the user’s computer and they will not be affected.

    Even if browsers are not completely secure within themselves, you can protect them by modifying the infrastructure around them. Just as HTTPS protects your Internet traffic, so does the Reserve Bank help protect your endpoint.

    Beatrice Ashford

    Beatrice Ashford is a contributor at Nintendo-power.com, covering a wide range of topics including news, politics, business, technology, sport, entertainment, and lifestyle. She focuses on delivering clear, balanced reporting and useful information that helps readers stay informed about current events and emerging developments. Her work highlights stories that matter to everyday audiences, with an emphasis on accuracy, relevance, and accessible journalism that keeps readers connected to the issues shaping the world around them.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Acrylic Nails for the Modern Professional: Balancing Style and Practicality

    September 6, 2024

    The Majestic Journey of the African Spurred Tortoise: A Guide to Care and Habitat

    September 2, 2024

    Choosing Between a Russian and a Greek Tortoise: What You Need to Know

    June 21, 2024
    Leave A Reply Cancel Reply

    Navigate
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Pages
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    Recent
    • Games Done Quick Reveals Flame Fatales 2026 Schedule Supporting Malala Fund
    • 17,000 Brain Scans Reveal Unexpected Ethnic Differences in Alzheimer’s Disease Biology
    • Lenovo Unveils Mini PC Built Around Downloadable AI Skills Instead of Traditional Software
    • Uranus and Neptune May Be Magma Worlds Rather Than Ice Giants
    • Women’s Prize for Fiction 2026 Longlist Revealed with Susan Choi and Katie Kitamura Among Contenders
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    © 2026 Nintendo Power. All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.