On this tracker, each week we will curate a selection of stories about online security.
Microsoft discovers flaw in Google Chrome
Microsoft’s Windows security team has discovered a remote code execution vulnerability in Google Chrome. Remote code execution allows hackers access to computing devices and the ability to make changes irrespective of the device’s geographical location.
Chrome’s relative lack of RCE mitigations means the path from memory corruption bug to exploit can be a short one. Because several security checks are done within the sandbox, RCE exploits are able to, among other things, bypass the Same Origin Policy (SOP), giving RCE-capable attackers access to victims’ online services (such as email, documents, and banking sessions) and saved credentials.
The flaw was communicated to Google on September 14, 2017, according to Microsoft. Google posted the source code for the fix on GitHub within a week, but it took them nearly a month to fix the browser itself. Read more about what Microsoft discovered here.
CISF to study social media trends to better secure airports
The Central Industrial Security Force (CISF) has set up a ‘media lab’ and a Pattern Research for Institutional Social Media (PRISM) unit at its headquarters in Chennai to keep track of social media trends, news reports, etc. across platforms such as Twitter, Facebook, YouTube and Flickr, reports TOI. Based on this collated data, it will provide “actionable intelligence” to airports and other sensitive installations like nuclear and space organizations across the country. IIT-Delhi developed this platform, and it is already being used by the Intelligence Bureau and Mumbai police to monitor security issues. CISF already has a WAR (web analytics and resolution) division in Delhi, and the two are expected to link together.
Google backs ARM’s new IoT security framework
UK-based mobile chip maker ARM has developed a new Internet of Things (IoT) security framework called Platform Security Architecture (PSA), which will give IoT device makers the option to build security features directly into the device firmware, reports Engadget. Google’s Cloud Platform, Microsoft Azure, Sprint, Cisco, Softbank and several other companies have signed up for PSA, which is expected to become available by early 2018.
Kolkata gets a cybercrime reporting helpline
Kolkata Police and non-profit cybersecurity platform Infosec Foundation have partnered to set up an information security helpline in the city, which is expected to go live on November 3, 2017. Currently, the two are working on putting in place a team of volunteers who will help callers identify the right cyber solution. More on this here.