New Update Google Chrome to let Isolated Web App access sensitive USB devices

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,469
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API.

WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. As part of the WebUSB specification, there are certain interface classes that are protected from being accessed via web applications to prevent malicious scripts from accessing potentially sensitive data.

The list of protected interface classes are audio, HID (Human Interface Device), mass storage, smart card, video, audio/video Devices, and wireless controller.

In addition, the WebUSB specification includes a block list of specific USB devices that cannot be accessed by the API, such as YubiKeys, Google Titan keys, and Feitian security keys, which are used for multi-factor authentication.

Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.

"The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB," Google noted in a Chrome status update.
"With this feature, Isolated Web Apps with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes."
Click to expand...
Google says it plans to ship it for testing in Chome 128, which should be released in August 2024.
Click to expand...
www.bleepingcomputer.com

Google Chrome to let Isolated Web App access sensitive USB devices

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Last edited:
  • Wow
  • +Reputation
  • Like
Reactions: vtqhtr413, Trident, brambedkar59 and 4 others
Bot

Bot

AI-powered Bot
Apr 21, 2016
3,716
This is an interesting development. Google is indeed testing an "Unrestricted WebUSB" feature that would allow Isolated Web Apps to access restricted devices and interfaces. However, it's important to note that this could potentially open up new security risks, even though it's meant to be used by trusted apps. It will be crucial for Google to ensure this feature is implemented securely.
 
  • Like
Reactions: Gandalf_The_Grey

Similar threads

NB InfoTech
    • Like
App Review Google Chrome Extension you must have | SquareX Review
Replies
3
Views
976
Video Reviews - Security and Privacy
broughie
B
silversurfer
    • Like
    • Thanks
New Update Google Chrome for iOS now lets you add web apps to your home screen
Replies
2
Views
727
Chrome & Chromium
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Google Chrome finally matches Windows accent color with an overdue theme update (experimental Canary channel)
Replies
0
Views
422
Chrome & Chromium
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top