The recent Chrome 80 update saves hundreds of thousands of stolen credentials but according to some privacy pundits it also brings a new major web privacy concern.
According to new research by the threat intelligence firm KELA, recent minor changes in Chrome 80 update crippled the one of today’s top cybercrime marketplaces named “Genesis”.
Genesis has more than 300,000 stolen credentials listed for sale in their marketplace. And 90% of all stolen credentials on the Genesis marketplace came from the AZORult malware infections.
Now, due to this recent Chrome 80 update, the numbers have reduced drastically to 200,000-230,000.
Source : ZDNet
The Google Chrome update also introduces a new type of major privacy concern.
Chrome 80 implements a new browser capability called ScrollToTextFragment which allows Google to link a single word of text and its position on the page and doesn’t require an anchor created by the site owner.
While it’s true that ScrollToTextFragment can be useful, privacy pundits argue that it can also be exploited.
In a comment on Github prior to release, Mozilla’s David Baron stated:
“My high-level opinion here is that this a really valuable feature, but it might also be one where all of the possible solutions have major issues/problems. So I think the question we should think about is how the problems of the solution chosen here compare to the problems of other options and how they compare to the value of the feature.”
Currently, ScrollToTextFragment is only supported by the Chrome browser.
Source: SearchEngineJournal (SEJ)