Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5536-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 26, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-5472An important security issue was discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), this problem has been fixedin version 118.0.5993.117-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 118.0.5993.117-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmU6+wwACgkQZF0CR8NudjcbzQ//b9RRr1OyKscWjFnuIgcs6zbj3IloLMQVwYj1LNeR1eqDwFcOBhxjfSKhx4vAxveR/KyrDKf1O71CWwL+vGZREw7r8X2kanJTCBQ7kIdgRpSc/uSQcCCmcx7LUemd9k2CzWHgqSYgZGrxBB5XDoQ2WfUxqH3gu5Xm0qhLb6GnWg4ylMlpsxvepEJW4v0GulZJqBQn1gnUfoFetoUccg7qKi0ev/COlza6kcfY71Xs+vlNMrnDwuzeCcuiWEjB8Q5JcjcU3D269Mj7aa6B5AN3LeCBLK+Q7T3+pn8Ft8GYSJrlFleEvtTkGSCxW8Pjo2gzDvl9U8bswgmtcUE6M26MFJIlYINxI9SCKuPCnbmdCxY5JG/8puSGD+ioG3l3BexYT0+NexUgjjoMsnwyaPR1OeQyWr/N8Obk/vEeZ9xaJzpnKtxKstnFqcZ9eqKt1B8S68YDPuXSVI0Wyb5E6Ozqrq2J8PrmwK7LrqrI/8nD/AQLgf20gU+2jc1z5MCYymu+IGxGolBcOTaRoK4GpASZ0x93UR/sNB6jGK08FZB+XUPjM/otxDl1D3QQeFuMXndWzvwsxHdZrL1DTlk4vDhaGzW2XBcPqhbfuqRwwKt7QMqLlTKH3/iVp6SQPYY8k1SfBSs1oO7iXv9UYm8+kHGNtWs0GWpuY0qxwDIMflWb4rE==Gmlo-----END PGP SIGNATURE-----

Debian Security Advisory 5536-1

**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

118.0.2088.76

10/27/2023

118.0.5993.117/.118

CVE-2023-44323: Adobe: CVE-2023-44323 Adobe PDF Remote Code Execution Vulnerability

The Palantir Tiles1 service was  found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.



CVE-2023-30969: Palantir | Trust and Security Portal

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. 

CVE-2023-30967: Palantir | Trust and Security Portal

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-5472: Stable Channel Update for Desktop

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. 


This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

**Advisory Information**

*   **Advisory ID:** BOSCH-SA-175607
*   **CVE Numbers and CVSS v3.1 Scores:**
    *   CVE-2023-41255
        *   Base Score: 8.8 (High)
    *   CVE-2023-41372
        *   Base Score: 7.8 (High)
    *   CVE-2023-41960
        *   Base Score: 7.1 (High)
    *   CVE-2023-43488
        *   Base Score: 7.9 (High)
    *   CVE-2023-45220
        *   Base Score: 8.8 (High)
    *   CVE-2023-45321
        *   Base Score: 8.3 (High)
    *   CVE-2023-45844
        *   Base Score: 7.3 (High)
    *   CVE-2023-45851
        *   Base Score: 8.8 (High)
    *   CVE-2023-46102
        *   Base Score: 8.8 (High)
*   **Published:** 20 Oct 2023
*   **Last Updated:** 25 Oct 2023

**Summary**

The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities.

Furthermore, the "Android Agent" application which is shipped with the ctrlX WR21 HMI contains multiple flaws, which in a worst case scenario might allow an attacker to execute arbitrary commands on the device.

**Affected Products**

Vendor Name

Product Name

Affected versions

Bosch Rexroth AG

ctrlX HMI Web Panel - WR21 (WR2107)

all

Bosch Rexroth AG

ctrlX HMI Web Panel - WR21 (WR2110)

all

Bosch Rexroth AG

ctrlX HMI Web Panel - WR21 (WR2115)

all

**Solution and Mitigations****Solution**

An updated firmware version will be published soon. This version prevents that an attacker with physical access to the device might gain root access.

Furthermore, the application "Android Agent" will be removed entirely.

This advisory will be updated as soon as the new version becomes available. Users are strongly advised to upgrade to the new version.

**Mitigation**

Until the updated version becomes available, users are strongly advised not to use Google Chrome for the Kiosk mode. As an alternative, the WebStation app may be used for this purpose.

Android Agent should not be used at all.

**Vulnerability Details****CVE-2023-41255**

CVE description: The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.

*   Problem Type:
    *   CWE-306 Missing Authentication for Critical Function
*   CVSS Vector String: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 8.8 (High)

**CVE-2023-41372**

CVE description: The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair

*   Problem Type:
    *   CWE-798 Use of Hard-coded Credentials
*   CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 7.8 (High)

**CVE-2023-41960**

CVE description: The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.

*   Problem Type:
    *   CWE-926 Improper Export of Android Application Components
*   CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    *   Base Score: 7.1 (High)

**CVE-2023-43488**

CVE description: The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.

*   Problem Type:
    *   CWE-862 Missing Authorization
*   CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
    *   Base Score: 7.9 (High)

**CVE-2023-45220**

CVE description: The Android Client application, when enrolled with the define method 1(the user manually inserts the server IP address), use HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.

*   Problem Type:
    *   CWE-306 Missing Authentication for Critical Function
*   CVSS Vector String: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 8.8 (High)

**CVE-2023-45321**

CVE description: The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), use HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol.

*   Problem Type:
    *   CWE-319 Cleartext Transmission of Sensitive Information
*   CVSS Vector String: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
    *   Base Score: 8.3 (High)

**CVE-2023-45844**

CVE description: The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

*   Problem Type:
    *   CWE-284 Improper Access Control
*   CVSS Vector String: CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
    *   Base Score: 7.3 (High)

**CVE-2023-45851**

CVE description: The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.

This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

*   Problem Type:
    *   CWE-306 Missing Authentication for Critical Function
*   CVSS Vector String: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 8.8 (High)

**CVE-2023-46102**

CVE description: The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application.

This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.

*   Problem Type:
    *   CWE-798 Use of Hard-coded Credentials
*   CVSS Vector String: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 8.8 (High)

**Remarks****Acknowledgement**

**These vulnerabilities have been uncovered and disclosed responsibly by Diego Giubertoni from Nozomi Networks. We thank him for making a responsible disclosure with us.**

**Security Update Information**

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

**CVSS Scoring**

Vulnerability classification has been performed using the CVSS v3.0 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

**Additional Resources**

*   \[1\] Bosch Rexroth Advisory: https://www.boschrexroth.com/en/dc/product-security/security-advisories/

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

**Revision History**

*   25 Oct 2023: Added CVE list
*   20 Oct 2023: Initial Publication

CVE-2023-45851: Multiple vulnerabilities on ctrlX HMI Web Panel - WR21

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

By Deeba Ahmed
The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like…
This is a post from HackRead.com Read the original post: Social Login Flaws in Popular Websites Risked Billions of User Accounts

The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like Vidio, Grammarly, and Bukalapak.

*   **Salt Security’s Salt Labs research team has identified vulnerabilities in the social login implementations of three popular websites.**

*   **These vulnerabilities can expose over a billion user accounts to account hijacking and data leakage, given that social login is a standard feature found in almost all major and non-major websites.**

*   **Eighty percent of the targets Salt Labs’ investigated contained security flaws concerning social login features.**

*   **Researchers have revealed a small set of impacted targets.** 

*   **This discovery highlights the risks associated with social login functionality.**

The leading API security firm, Salt Security’s Salt Labs research team, has identified critical **API security flaws** in the social sign-in and the OAuth (Open Authentication) implementations of several high-profile online firms, including Vidio, Grammarly, and Bukalapak.

Investigation revealed that through Pass-The-Token Attack, a threat actor could exploit the vulnerabilities, gaining unauthorized access to a user’s accounts on dozens of websites and access their credit cards, bank accounts, and other sensitive data.

This research marks the third and final installment in the team’s OAuth hijacking series. Previously, Salt Labs researchers had identified vulnerabilities in **Expo** and **Booking.com**.

For your information, OAuth is a widely used authentication method. Many websites and web services use it to enable the user-friendly one-click login process. Moreover, through OAuth implementation, users can log in to their social media accounts, such as Facebook or Google, to register on a website instead of creating a new login ID and password.

The vulnerabilities were detected in the social sign-in process’ access token verification step. It is a crucial component of the OAuth implementation on websites. The issue occurred due to improper token verification in the process, allowing adversaries to obtain unauthorized access. 

In a **blog post**, Salt Labs Security Researcher Aviad Carmel wrote that their research team could exploit this flaw through the Pass-The-Token Attack, which involves inserting a token from another website to gain access to user accounts.

****Vulnerability Impact on Vidio.com****

On the Vidio website, researchers discovered the vulnerabilities while logging in through Facebook. The website (Vidio.com) didn’t verify the token or OAuth itself, which is a glaring flaw, allowing manipulation of the API calls to insert an access token created for another application. This alternate token-AppID combination allowed researchers to impersonate a user on the website and get the opportunity to take over thousands of accounts.

****Vulnerability Impact on Bukalapak.com****

One of Indonesia’s largest eCommerce platforms, Bukalapak’s website, also failed to verify the access token when users registered with a social login. Salt Labs team inserted a token from another website and was able to access a user’s credentials from the website, obtaining full control of the account.

It is worth noting that **in May 2020,** a hacker was discovered selling user data belonging to 13 million Bukalapak user accounts.

****Vulnerability Impact on Grammarly****

The researchers observed the AI-powered writing tool Grammarly.com website to learn the site’s code-sending terminology. Afterward, they could manipulate the API exchange to insert code used to verify users on a different website and successfully obtained user account credentials and performed account takeover.

Following the coordinated disclosure practice, Salt Labs researchers notified all three sites, and the issues have now been addressed. They believe the vulnerabilities could have impacted at least a billion accounts associated with the three affected sites.

The flaws although have been addressed but could have exposed sensitive login details and allowed adversaries to launch versatile range of attacks. This is a shocking discovery because thousands of websites use social sign-in functionality and billions of users worldwide could be at risk of threats like identity theft and financial fraud. 

> _Social Login is a very common feature that is implemented on almost every major (and non-major) web service. Around 80% of our targets included some kind of security issue related to social login functionality. The impact is that we were successfully able to take **over more than 1 billion accounts** across all the targets, which includes the ones identified in this research plus many others._
> 
> Yaniv Balmas – VP of Research at Salt Security

****Dicussion at SecTor****

Aviad Carmel and Yaniv Balmas of Salt Security will be hosting a **speaking session** titled: Uh-OAuth! – Breaking (and Fixing) OAuth Implementations” – Wednesday, October 25, 4:00-5:00pm, Meeting Room 718A.

For your information, SecTor is a Black Hat conference that focuses on underground threats and corporate defenses. It is held annually in Toronto, Canada. The conference is known for its high-quality speakers and attendees, and it is a must-attend event for anyone interested in the latest information on security threats and defenses. SecTor 2023 will be held October 23-26, 2023 at the Metro Toronto Convention Centre.

****_RELATED ARTICLES_****

1.  12-Year-Old Windows Defender flaw risked 1 billion devices
2.  Cybersecurity firm exposes 5 billion data breach records online
3.  DreamHost hosting firm exposed almost a billion sensitive records
4.  Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users
5.  Online trading broker FBS exposes 20TB of data with 16 billion records
6.  Brazilian marketplace integrator Hariexpress exposed 1.75 billion records

Social Login Flaws in Popular Websites Risked Billions of User Accounts

Categories: Threat Intelligence
Tags: malvertising

Tags: ads

Tags: hong kong

Tags: malware

Tags: whatsapp

Tags: telegram

Ads on Google for popular communication apps are used as a lure to compromise the devices of people from Hong Kong.



(Read more...)




The post Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram appeared first on Malwarebytes Labs.

Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A recent article from the South China Morning Post discussed an increase in malicious webpages for the popular WhatsApp communication tool, driven via malicious Google ads. The paper described how these ads appeared to be exclusively targeted at people from Hong Kong and have caused losses of about USD$300K last month.

We started investigating this situation and were able to identify what may be a similar campaign. The decoy sites we saw used a similar page than the web version of WhatsApp to trick victims into scanning a QR code to link their new device. Instead, it wasn't the user's device that was added to the WhatsApp account, but rather the threat actor's.

We also found another campaign using an ad for messaging tool Telegram, to lure victims into downloading a malicious version of the program. Again, this attack was targeted at residents of Hong Kong.

We have reported the malicious ads to Google and worked with partners to take down the infrastructure used in these campaigns.

**Malicious WhatsApp ad leads to QR code page**

Just like the South China Morning Post stated that users were seeing malicious ads for WhatsApp, we were able to find one immediately after switching our online profile to use a Hong Kong IP address:

The text of the ad reads as follows (translated from Chinese):

_WhatsApp New Version - WhatsApp Official Authorization_

_We are constantly updating and launching various fun and interesting functions as well as safe and reliable communication applications. Welcome to download and experience it. The cross-platform application brings you a reliable experience, and you can send private messages to your friends at any time._

Clicking on the ad leads to a convincing lookalike site in Chinese that pretends to be WhatsApp Web:

What's interesting, and works well as a lure, is the fact that WhatsApp is not just a mobile phone app, but does indeed have a web version for computers as well. The real domain for it is hosted at web.whatsapp.com and also uses a QR code to add a linked device to your account. What this means is that you can use WhatsApp on your PC or Mac after you scan the QR code and authorize that new device from your phone.

The issue here is that the QR code you are scanning is from a malicious site that has nothing to do with WhatsApp:

The domain used to generate those QR codes (lawrencework\[.\]com) was registered just two days ago. A search on urlscan.io reveals that it is associated with several other fake WhatsApp pages. We tested the QR code by adding it from a burner phone with a brand new WhatsApp account without any previous linked devices. A few seconds later, we saw a new device was added (Google Chrome running on Mac OS):

While we could not get more information (IP address, geolocation) about this new device, we knew it was not ours. When you link a new device to your WhatsApp account, the saved chat history is synced to it. This means that an attacker can essentially read your entire past and future conversations and has access to your saved contacts.

**Telegram ad links to malware**

The second ad we saw related to this campaign was using Telegram as a lure. We know it is related to the above WhatsApp attack because the ad is from the same advertiser.

The text of the ad reads as follows (translated from Chinese):

_telegram official website – telegram Chinese version – telegram download Telegram Chinese version is a Telegram client specially developed for Chinese users. Welcome to the Chinese channel, a new era of information, delivering more exciting information_

It links to a Google Docs page pretending to be a download site:

_Telegram instant messaging - simple, fast, secure and syncs across all your devices. It is one of the most downloaded apps in the world, with over 500 million active users. The latest official Telegram Chinese computer version TG-Chinese version: Click to download TG-PC: Click to download_

The two links (identical) download an MSI installer from the following URL:

kolunite.oss-ap-southeast-7.aliyuncs\[.\]com/HIP-THH-19-1.msi

This installer has been injected with malware, which we can see once we execute it:

**Targeted malvertising and motives**

These two campaigns abusing the WhatsApp and Telegram brands could be used for a variety of reasons. We did not investigate further what the ultimate ploy was, although both lead to data theft, impersonation and malware. The threat actor could use any private information from past conversations, phish the victim's contacts and much more.

This was our first foray into malvertising attacks targeted at Hong Kong. Given that this special administrative region of the People's Republic of China has a long history of tensions with Beijing, we could not help but think that malvertising campaigns such as these could be used for political reasons, although we saw no evidence of it.

Linking additional devices via QR code is a useful feature but it can also easily be abused. It's important to be cautious when scanning QR codes by verifying which site is issuing those. It's a good idea to periodically check which devices have access to your accounts, and revoke any that you don't recognize.

_Thanks to Nathan Collier for the assist with the QR code scanning on Android._

**Indicators of Compromise**

Malicious WhatsApp domains

uaa.vvg2rt\[.\]top  
wss.f8ddcc\[.\]com

QR code hostname

119srv\[.\]lawrencework\[.\]com

Telegram MSI URL

kolunite.oss-ap-southeast-7.aliyuncs\[.\]com/HIP-THH-19-1.msi

Telegram MSI

36d11b18d3345ff743f7b003d10a0820c8c1661dd7dc279434e436de798c3a4b

Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram

Categories: News
Categories: Personal
Categories: Privacy
Tags: Google

Tags:  Chrome

Tags:  IP Protection

Google plans to roll out its IP Protection feature for Chrome in phases.



(Read more...)




The post Google Chrome wants to hide your IP address appeared first on Malwarebytes Labs.

Google is working out some kinks in the project formerly known as Gnatcatcher, which will now be known under the more descriptive name “IP Protection.” Which means that Chrome is reintroducing a proposal to hide users' IP addresses, to make cross-site tracking more difficult.

An Internet Protocol (IP) address is a unique number that’s assigned to your computer when it joins a network. The number acts as your address on the network. In order for two computers to communicate, each must know the other's address, so that messages go to the right place.

The IP address you use on the Internet is typically the one that your router is given by your ISP (Internet Service Provider). Although the IP address you use isn't assigned to you permanently it will likely go unchanged until you disconnect or turn off your router. Blocks of IP addresses are assigned geographicaly, so it's also possible to use them for a form of crude geolocation, accurate to about the nearest city.

Your IP address's combination of persistence and uniqueness makes it a useful identifier for anyone who wants to track you across multiple websites. It can also be combined with other semi-permanent information from your browser to create an even more accurate "fingerprint", that identifies you when you browse.

Over time this fingerprint can be used to build up a unique, persistent user profile that can be used for targeted advertising, which many people see as a threat to their privacy.

As a result, some users do not like to reveal their IP address, so they hide it using a proxy server or a VPN. Both proxies and VPNs mask a user's IP address with one of their own. Only the proxy operator or VPN provider knows the user's real address.

Google's IP Protection proposal will use proxies to hide users' IP addresses.

Because there are some potentially unwanted side-effects, and Google wants to learn as it goes, the feature will be tested and rolled out in multiple phases. In the first phase the feature will use a single Google-owned proxy, will only proxy requests to domains owned by Google, and will only work for users with US-based IP addresses.

Apparently Google wants to test the infrastructure without impacting third-party companies. Domains owned by Google include services like Gmail, but also AdServices. Note that in this phase Google will automatically enroll a small percentage of users, and they must be logged in to Chrome.

In later phases Google plans to  use a chain of two proxies so that neither proxy can see both the origin and destination IP addresses. There are some concerns that will need to be ironed out in the course of the testing phases:

*   Defensibility, since a compromised proxy may be used to deploy attacks.
*   Disruption of existing Denial of Service (DoS) defenses by using the two proxies.
*   Disruption of existing defenses for fraud and invalid traffic detection. For example, depending on the way they work, some block-lists will no longer be effective because the final destination is not detected.

Google expects that this may change plans along the way, and states:

> “Long term solutions will evolve and will be shaped in conjunction with the ecosystem. We will collaborate with ISPs, CDNs, third parties, and destination sites towards the end-state of privacy proxies for the web. For instance, ISPs and CDNs are well suited to operate privacy proxies.”

We will keep an eye on how this development takes shape. But, even if I could, I would not sign up for the first phase if I were a user that now uses a VPN to hide their IP address. Because in this phase Google will be able to see your IP address and the one you are visiting, which means you would only be shifting the information gathering from several Google services to one central point.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

Tag

#chrome