Month: May 2021

A few weeks ago, Google rolled out the 90th iteration of Chrome. This new update comes with a host of new features, including the ability to name your tabs. On Windows 10, Chrome is also enriched with new security features aimed at protecting computers against computer attacks.

Unfortunately, the latest version of Chrome does not work properly on many machines running Windows 10. According to the testimonies collected by our colleagues from 9to5Google, the Google browser keeps crashing.

WHAT TO DO IF CHROME 90 CRASHES ON WINDOWS 10?

Specifically, all tabs opened by the user stop responding. They then display an empty page entitled “without title”. This is also the case for most extensions installed on Chrome. They become unusable for long minutes. According to some reports, Chrome 90 also regularly refuses to start, even after several restarts.

If you are affected by these bugs, 9to5Google advises you to install the latest beta of Chrome. Aware of some malfunctions, the giant of Mountain View has already integrated a patch to the update. Google should soon propose this patch on the stable channel.

While waiting for this patch, the media also recommends uninstalling and reinstalling Chrome directly from the Google website. Then, activate the synchronization of history, bookmarks and passwords. Close the web browser. Open File Explorer and go to the following address: %LOCALAPPDATA%\Google\Chrome\User Data. Then simply delete the “Local Stafe” file.

A researcher has discovered a batch of 12 computer flaws, which he has grouped under the name FragAttacks. Relatively difficult to exploit, these vulnerabilities are still dangerous. That’s why it is highly recommended to update all Wi-Fi devices.

A discovery of 12 vulnerabilities, the oldest of which date back to… 1997. The Belgian researcher Mathy Vanhoef published this May 11 a site dedicated to a whole lot of flaws in the very functioning of Wi-Fi, which he called “FragAttacks”.

For 9 months, he has been working with the Wi-Fi Alliance and the various companies concerned by these vulnerabilities to have them corrected. Ten of them have already published their patches: Microsoft, Intel, Cisco, Eero, Samsung, Nextgear… Users just have to run the updates (as they are advised to do systematically).

“Three of the vulnerabilities discovered are design flaws in the Wi-Fi standard and therefore affect most devices,” said the researcher, as noted by The Record Media. The other vulnerabilities are due to programming errors in the implementation of the Wi-Fi standard in products. “My experiences indicate that every Wi-Fi product is affected by at least one vulnerability and most have more than one,” Vanhoef said.

Properly exploited, FragAttacks allow a wide range of manipulations. In the worst case, the hacker could use it to execute the code (and therefore the program) of his choice on the victim’s device, all remotely. In the jargon, this is called RCE (for Remote Code Execution), and it is the ultimate goal of any hack, a sign that it is dangerous. From a RCE, it is possible to steal confidential information, to steal credentials from private accounts, to hijack transactions…

DANGEROUS VULNERABILITIES, BUT NOT EASY TO EXPLOIT

In his demonstration, the researcher takes advantage of the lack of secure connection on the site of the University of New York to simulate the takeover of a computer:

While FragAttacks are problematic – for proof, the reaction of manufacturers – they remain relatively difficult to exploit. First, the hacker must be within range of the Wi-Fi. Secondly, the exploitation requires user interaction, i.e. clicking on a malicious link or accepting a command for example. In other words, the attack is not sufficient on its own, the perpetrator must first succeed in phishing or another attack to trap the victim.

A simple precaution of navigation allows to avoid any risk: the Internet user must make sure to access the sites by HTTPS connections. The encryption offered by this security standard prevents the hacker from modifying the content of the information sent to the router, and therefore from exploiting the FragAttacks flaws. Today, HTTPS is very widespread, because it is free to set up with Let’s Encrypt, and because browsers try to push – or even force – its use. Mathy Vanhoef had already distinguished himself in 2017 for finding another Wi-Fi vulnerability, named “Krack”.

Important aesthetic changes

The first developer previews of Android 12 don’t have many new features, the beta versions should be much more interesting. For the first time in several years, Google is reportedly making a major change to the interface of its operating system.

Android 12 would introduce a control center very similar to iOS, evolve its notification center, give a lot of importance to widgets and, most importantly, put personalization and colors at the heart of the system.

Other things would evolve with Android 12, such as the ability to know when an application is using your microphone or camera (this is already the case in the developer pre-releases) and the introduction of a new keyboard with a new theme. All these new features should be widely highlighted on Tuesday evening.

01net.com will offer you a complete coverage of the big annual Google conference. Just head over to our site, Twitter or 01TV to follow Google I/O in real time. We hope to bring you a full hands-on look at Android 12 in the process.

According to Flurry Analytics, a company that specializes in application performance analysis, an overwhelming majority of iPhone owners are opting out of this ad tracking through the notification that apps are now required to display.

The company has indeed put online a daily observatory – based on the study of more than 5 million users – to track the acceptance and refusal rate in the United States and globally.

Since April 26, when iOS 14.5 was rolled out, only 11% to 12% of notifications have received a favorable outcome. In total, therefore, between 88 and 89% of access requests have been denied. The figure is even higher in the United States, with an average of 96% of denials.

These notifications, which ask users for permission to track their “activities in apps and on other companies’ websites” offer two choices: “Ask the app not to track my activities” or “Allow”.

To stop tracking, users can respond negatively to this request, but also have the option to automatically block tracking from all apps by going to settings > privacy > tracking, then unchecking the “Allow app tracking requests” box. A manipulation that only 5% of iPhone users on iOS 14.5 have done, according to Flurry Analytics.

For online advertising giants, who will have to make a cross on a large – and very profitable – amount of personal data to refine their ads, this update calls into question part of their business.

Some of the most affected giants, such as Facebook, Instagram, but also Vinted, are preceding the notification with a message written by them and threatening to charge users if too many of them refuse the tracking.

With iOS 14.5, released at the end of April, Apple introduced its anti-ad tracking system. From now on, applications must ask the user’s permission before tracking their activities for the personalization of advertising campaigns. This translates into the display of a panel when the application is opened, with the possibility for the user to accept or refuse this tracking.

This measure has caused an outcry from advertisers, and the first figures confirm their fears: when given the choice, users overwhelmingly refuse to be tracked. According to statistics from Flurry Analytics, the rate of acceptance of ad tracking does not exceed 13% worldwide, with an almost flat curve since the release of iOS 14.5. In the U.S., the rate would plateau at just 5%.

Flurry Analytics adds that few users would still be aware of the global setting to refuse everything once and for all: the rate of users who have activated this option would be only 5% worldwide. The setting is located in Settings > Privacy > Tracking > Allow app tracking requests.

While MIUI 12 continues to roll out, its successor MIUI 13 could arrive as early as June 25, 2021. In total, it would be no less than 80 smartphones that will be compatible with the update, according to a recent leak. Find here the complete list of devices concerned.

With Android 12 coming soon, it’s time for Xiaomi to work on the successor to MIUI 12. The manufacturer has not been idle since, in April 2020, it was already working on the 13th version of its overlay. A year later, this one could well be unveiled before long. According to the Telegram channel MIUI 12 Updates, the update is expected to arrive during the second quarter of 2021. Although no official date has been announced, rumors seem to revolve around June 25, 2021.

This launch is, as usual, only for Chinese users. If this date turns out to be accurate, we will probably have to wait a few more months for Xiaomi smartphone owners. In the meantime, a source has revealed the list of devices that will be compatible with MIUI 13 at its release. Among them are Xiaomi smartphones of course, but also Redmi, Poco, and Black Shark. This is a total of more than 80 phones that could benefit from the update.

Facebook is not one to let up when it comes to exposing how its users’ data can be used for advertising purposes on its own platforms.

An encrypted messaging service that has made the protection of its users’ data a real leitmotiv, Signal explains that it came up with an advertising campaign whose objective was to draw attention to the way Facebook exploits its members’ personal information.

For example, Signal planned to run personalized Instagram ads that read, “You’re seeing this ad because you’re a teacher, but mostly because your name is Leo (and you’re single). This ad used your geolocation to see that you are currently in Moscow. You like comedy sketches and this ad thinks you are a flirt.

Another variation: “You see this ad because you are a chemical engineer and you love K-Pop. This ad sees that you are in Berlin. You recently had a baby and you just moved.”

Each piece of information used to personalize the text of these ads had to be highlighted, so people could better realize what kind of data Facebook has about them.

“In the Facebook world, the only acceptable thing is to hide what you’re doing to your users.”

“Facebook’s tools have the potential to disclose what is otherwise invisible. It’s already possible to capture bits and pieces of these truths in the ads that are shown to you. These are pieces of information that reflect the fact that an opaque system is watching and knowing you. We wanted to use these same tools to directly highlight how most of these technologies work,” summarizes Signal, which explains that it bought advertising space on Instagram to broadcast this campaign and open the eyes of users of Facebook’s photographic social network. Yes, but here’s the thing, Mark Zuckerberg’s firm didn’t agree.

“Facebook is always willing to sell visibility into people’s lives, unless it’s to inform them how their data is actually being used. Being transparent about how ads use people’s data is apparently enough to get banned. In the world of Facebook, the only acceptable thing is to hide what you’re doing to your users,” finally accuses Signal, which was unable to broadcast the said campaign.

Two WebKit vulnerabilities, which could be exploited, forced Apple to react and roll out a security update to its devices.

Apple has rolled out a software update for several of its operating systems: iOS 14.5.1, iOS 12.5.3 (for older iPhone and iPad models), macOS 11.3.1 and watchOS 7.4.1.

WebKit is involved

The update addresses security vulnerabilities related to the WebKit software library, exploited by Safari, the Apple browser.

Two vulnerabilities that have been fixed could lead to the execution of arbitrary code when processing malicious web content. They could potentially have been exploited by hackers, so be sure to install the update on your Apple device.

The update also fixes a bug with App Tracking Transparency. When it was disabled and then re-enabled, users continued to receive authorization requests from apps.