In fact, what was officially announced in the blog itself giant search, plans to block identifications soon using identifiers on their platforms, integrated browsers applications, to combat more effectively phishing commented.
And you have to keep in mind that right now, the the connections that we realize from the browsers integrated in tools and platforms of thirds, are very likely to undergo attacks of this type "man in the middle"As we know, these built-in application browsers are very useful for identifying us in an existing account of another service, for example in the Gmail, all this to access the functions of the app.
Google will launch this measure to fight against phishing in June
However, at the same time that this external identification system is very convenient, it is also very easy to convert them into channels for "man-in-the-middle" phishing attacks. The main reason for all this is that Google itself can not differentiate internally between a legitimate connection and an attempt to identity theft via a browser embedded in a application, the company has decided to block these connections from integrated browsers, all from the following June.
And is it possible that attackers can exploit built-in browsers, such as Chromium Embedded Framework or CEF, all this by intercepting communications between the user and providers such as Google. This is just another method that allows them to steal the login credentials that we introduce into these embedded browsers, sometimes even with details of authentication multiple factors, all in real time.
Therefore, in recent months, Google has implemented new additional measures of Security related to connections in order to protect these sensitive user dataas we have seen. At the same time, in a few months, we will see ourselves obliged to change Chromiumor Firefox, among others mobile browsers, when connecting to access a third party application that, although more uncomfortable, will ensure the security of the data entered.