Apps on our mobile devices like Facebook, Instagram, Reddit, and so on come with their own built-in browsers. The idea is that this keeps users inside the app even after they have clicked a link. However, the problem with embedded browsers is that they can be exploited in man-in-the-middle (MITM) attacks.


Google is aware of this, and the company has announced that, come June, it will be blocking logins from embedded browsers. “MITM intercepts the communications between a user and Google in real-time to gather the user’s credentials (including the second factor in some cases) and sign in. Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June.”

For those who are unfamiliar with MITM attacks, basically, it is where the hacker (the person in the middle) steals your credentials as you enter them. This is commonly seen with phishing emails: you receive an email you think might be from your bank, but it isn’t, and when you click the link to the website (which looks legit) and enter your credentials, they get stolen.

Google’s change is good news for users who might have otherwise felt a bit iffy about logging into their Google accounts through embedded browsers.

Source: security.googleblog