Google Introduces New Protection Against Phishing Attacks

Google Implements New Measure to Prevent Phishing Attacks

To provide better protection against “man-in-the-middle” (MitM) attacks, Google will begin blocking login attempts initiated from embedded web browser frameworks, which are often used in phishing schemes. This includes tools like Chromium Embedded Framework (CEF), XULRunner, and similar technologies. Embedded browser frameworks allow developers to add browser functionality to their applications. For example, CEF enables the integration of the Chromium browser engine into apps.

As Google Product Manager Jonathan Skelker explained on the company's blog, phishers can use these frameworks to run JavaScript on web pages and automate user activity. In a man-in-the-middle attack, a hacker who has obtained login credentials and two-factor authentication codes can automate sign-ins to real Google services.

These types of attacks are difficult to detect, and blocking login attempts from these platforms is intended to address the issue. “Since we can’t distinguish between legitimate sign-ins and MitM attacks on these platforms, starting in June, we will block login attempts from embedded browser frameworks,” Skelker wrote.

This measure will affect developers, who will need to remove such frameworks from their applications. Google recommends that developers switch to using OAuth authentication instead.
