fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Chrome Adopts Windows 10 Exploit Protection Feature

Google Chrome Adopts Windows 10 Exploit Protection Feature

Google Chrome now hinders attackers’ efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later.

This is possible after the adoption of Intel’s Control-flow Enforcement Technology (CET), supported on Windows 10 computers through an implementation known as Hardware-enforced Stack Protection which adds enhanced exploit protection to all compatible devices.

Makes it harder to write exploits

Hardware-enforced Stack Protection uses the Intel CET chipset security extension to secure applications from common exploit techniques such as Return-Oriented Programming (ROP) and Jump Oriented Programming (JOP).

Attackers regularly use such exploitation techniques to hijack a program’s intended control flow to execute malicious code with the end goal of escaping a browser’s sandbox or executing code remotely when visiting maliciously crafted web pages.

Windows 10’s Hardware-enforced Stack Protection blocks these attacks by triggering exceptions when it detects that an app’s natural flow has been modified.

“With this mitigation the processor maintains a new, protected, stack of valid return addresses (a shadow stack),” said Chrome Platform Security Team Engineer Alex Gough.

“This improves security by making exploits more difficult to write. However, it may affect stability if software that loads itself into Chrome is not compatible with the mitigation.”

Chrome processes with Hardware-enforced Stack Protection enabled (Google)

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Adopted by other Chromium-based browsers too

Google Chrome is not the first Chromium-based web browser to support Hardware-enforced Stack Protection, as BleepingComputer reported in February.

Microsoft Edge vulnerability research lead Johnathan Norman said at the time that Microsoft Edge 90 added support for the Intel CET feature in non-renderer processes.

“Edge 90 (Canary) now supports Intel’s CET non-renderer processes,” Norman tweeted. “If you have a fancy new processor give it a try.”

This security feature will most likely be adopted by other Chromium browsers besides Google Chrome and Microsoft Edge, including Brave and Opera.

Furthermore, Mozilla is also looking into including support for Intel CET in the Firefox web browser. Still, there has been no recent status update since the issue was opened one year ago.

Task Manager ‘Hardware-enforced Stack Protection’ column

Windows 10 users with CET-compatible CPUs (Intel 11th gen or AMD Zen 3 Ryzen) can check if a browser process utilizes the hardware security feature using the Windows Task Manager.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

To do this, open Task Manager, go into the Details tab, right-click on a column header, click Select Columns, and check the Hardware-enforced Stack Protection. Once enabled, a newly added column will show processes with Intel CET support.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us