Google will Block Login Attempts Through Built-in Browser Frameworks to Protect against MitM Attacks

Google engineers continue to work on improving user security. At the end of 2018, the company described a mechanism aimed at combating headless browsers and bots: it does not allow you to log in to your Google account if JavaScript is disabled in your browser. Even earlier, in 2016, developers took similar measures for embedded browsers, such as WebView.

It has now become known that the next step will be blocking login attempts made through embedded browser frameworks. The changes will affect Chromium Embedded Framework (CEF), XULRunner and other similar solutions.

These measures are primarily aimed at combating man-in-the-middle (MitM) and phishing attacks. Attackers who are able to intercept traffic to the Google login page often use such frameworks to automate their activities, which also allows them to bypass two-factor authentication.

Google engineers admit that they cannot distinguish legitimate login attempts from such attacks, and therefore logins through these frameworks will be blocked starting in June 2019. Instead, developers are encouraged to switch to using OAuth.
