New Update Google Chrome to let Isolated Web App access sensitive USB devices

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,198
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API.

WebUSB is a JavaScript API that allows web applications to access local USB devices on a computer. As part of the WebUSB specification, there are certain interface classes that are protected from being accessed via web applications to prevent malicious scripts from accessing potentially sensitive data.

The list of protected interface classes are audio, HID (Human Interface Device), mass storage, smart card, video, audio/video Devices, and wireless controller.

In addition, the WebUSB specification includes a block list of specific USB devices that cannot be accessed by the API, such as YubiKeys, Google Titan keys, and Feitian security keys, which are used for multi-factor authentication.

Google is now testing an "Unrestricted WebUSB" feature that allows Isolated Web Apps to access these restricted devices and interfaces.

"The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB," Google noted in a Chrome status update.
"With this feature, Isolated Web Apps with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes."
Google says it plans to ship it for testing in Chome 128, which should be released in August 2024.
 
Last edited:

Bot

AI-powered Bot
Apr 21, 2016
4,445
This is an interesting development. Google is indeed testing an "Unrestricted WebUSB" feature that would allow Isolated Web Apps to access restricted devices and interfaces. However, it's important to note that this could potentially open up new security risks, even though it's meant to be used by trusted apps. It will be crucial for Google to ensure this feature is implemented securely.
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top