New Windows Security Bypass Alert For Chrome And Edge Users
It is no secret that Google's Chrome browser is beseiged by security vulnerabilities. The good news is that the vast majority of these vulnerabilities are discovered and disclosed by security researchers, including Google's own Threat Analysis Group, well before any attacker can exploit them. However, that's not always the case, as evidenced by numerous emergency browser security updates in response to confirmed zero-day vulnerabilities. What is less well known, especially amongst the large non-techie user base, is that Edge is built around the Chromium engine, so many of the same vulnerabilities impact it, and them. Given that another security issue has just emerged, and both Chrome and Edge users are at risk from it, in this case, a Windows security protection bypass, you might be asking if it is time to quit using both and find something else. Here's what you need to know.
The FileFix Windows Security Issue Putting Chrome And Edge Users At Risk
I first warned Forbes readers of the threat from something called a ClickFix attack in December 2024, and more recently reiterated that warning after Google issued a security alert in May.bNow, a new threat, called FileFix, has been discovered, and it's coming for your Chrome and Edge browsers if you are a Windows user.
Penetration tester and security researcher, mr.d0x, first discovered FileFix on June 23, but has now published details of a new variation that is of concern to all Windows browser users. This new attack threat exploits the way that both Chrome and Edge deal with saving web pages, and can bypass the Microsoft Windows security feature known as Mark of the Web. It does this by bringing together those browser web page saving methods and something known as HTML Application execution. In other words, FileFix can now bypass the Windows MotW security function by exploiting the way in which browsers save HTML pages.
The good news is that to pull off this latest FileFix exploit, an attacker would first need to persuade the victim into saving an HTML web page and then renaming it as an .HTA file in order to auto-execute the embedded JScript that does the actual damage. If that all sounds a little long-winded, that's because it is. However, don't be fooled, social engineering, or phishing if you prefer, can persuade normally sensible people into doing the most unlikely of things. The original ClickFix attacks, for example, asked users who were presented with a fake captcha test to open a Windows run dialog and enter commands to execute the exploit. That sounds unlikely, right? Yet enough people did just that for ClickFix to make the headlines and for the biggest of vendors to issue warnings to users.
Is It Time For Windows Users To Abandon Chrome And Edge?
The short answer to the question posed in the above sub-heading is: is it heck as like. For those of you not living in the Yorkshire countryside in England, that means no. The continuing deluge of vulnerabilities that impact Chrome and Edge and are disclosed month after month, sometimes week after week, is a good thing. How so? Because, for the most part, these vulnerabilities are being discovered before threat actors know about them, and browsers are updated to protect against them before they can attack. The odd few zero-days that emerge are dealt with as quickly as they can be. The point is, it's better the devil you know when it comes to security vulnerabilities. There are plenty of other reasons why you might want to change, those based around privacy concerns or dislike of certain vendors, but security vulnerability exposure isn't on my list.
I have reached out to Google and Microsoft regarding the latest FileFix exploit affecting Windows users.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
41 minutes ago
- Yahoo
The stock of a small crypto miner soared 3,000% in a week on a plan to amass a trove of ethereum
BitMine Immersion Technologies raised $250 million to buy Ethereum as a reserve asset. The company is aiming to follow Michael Saylor's Strategy playbook. Ethereum's role in stablecoins positions it for growth, with a $2 trillion market forecast. No profits, no problem. Just add Ethereum. That's the strategy BitMine Immersion Technologies is following. The blockchain infrastructure company, which specializes in crypto mining and digital asset management and reported a net loss in the three months through May 31, surged 3,000% in the five trading days ending July 3 after raising $250 million to add Ethereum to its balance sheet. BitMine sold more than 55 million shares to a group of crypto and venture investors at $4.50 apiece on June 30. The company plans to use the proceeds to buy ethereum as the company's primary treasury reserve asset. The company also appointed Tom Lee, managing partner and head of research at Fundstrat Global Advisors, as the Chairman of the Board of Directors. The stock is up almost 1,600% year-to-date despite not being profitable. However, the Ethereum-inspired rally is proving to be volatile: the stock began falling after market open on Monday, dropping 25% from its Thursday close of $136. The company is taking a page from Michael Saylor's Strategy playbook by creating a crypto treasury reserve. While many companies have mimicked Strategy by loading up on bitcoin, an Ethereum-focused treasury purchase plan is still rare. While BitMine will continue to focus on its primarily bitcoin-dominated business operations, the company is betting that Ethereum will become more mainstream. With stablecoins playing a growing role in the crypto ecosystem, BitMine is positioning itself as an early investor in the infrastructure behind them. Unlike bitcoin, Ethereum allows programmable tokens, which are a key feature for the smart contracts that power stablecoins. Ethereum runs on "proof of stake," which allows users to earn rewards by locking up their holdings to help validate transactions and secure the network. Bitcoin, on the other hand, still relies on "proof of work," where miners use energy-intensive computers to solve cryptographic problems to mint new bitcoins. Ethereum hosts over half of existing stablecoins, making the crypto critical to the stablecoin ecosystem. According to the investment platform AInvest, 30% of Ethereum's transaction fees are generated by stablecoins. US Treasury Secretary Scott Bessent predicts that the $250 billion stablecoin market could expand to over $2 trillion in the next three years, meaning that Ethereum is positioned to receive an outsized benefit from the industry's growth, Tom Lee said. "That is really the backbone and architecture of stablecoins," Lee said of Ethereum on CNBC on June 30. "It's important to create a project that essentially accumulated Ethereum to essentially protect and have some influence on the network," Lee added. "The more Ethereum that's accumulated, the more secure the network is." Ethereum has lagged bitcoin's big bull run in recent years. The second-largest cryptocurrency has fallen from its 2021 high, dropping 23% in 2025. But with increasing stablecoin tailwinds through a crypto-friendly administration, the GENIUS Act, and more mainstream adoption, BitMine is betting that Ethereum can achieve bitcoin-level success. Read the original article on Business Insider
Yahoo
an hour ago
- Yahoo
The America Party is right out of the 'Musk playbook'
Elon Musk has announced his plan to form a new political party as he continues to feud with President Trump. It reflects a pattern in Musk's career of founding or buying entities to solve what he views as a big-picture problem. He founded SpaceX, Neuralink, and the Boring Company to focus on singular issues. If Elon Musk ever had to write a cover letter, he might say that he's the kind of leader who identifies an important problem and launches into action to find a solution — regardless of the odds. He wouldn't be lying. It's one of his primary traits as a business leader. Musk has a long history of founding and leading companies designed to tackle issues he feels need to be addressed. The latest example is his announcement over the weekend that he was moving forward with plans to create a new political party, the America Party for the "80% in the middle," to break the impasse formed by the two-party system in the United States. Musk has shown a tendency to identify a challenge and home in on it as the fixer without necessarily considering whether he's best suited to do so, Jeffrey Sonnenfeld, a Yale School of Management leadership professor, told BI. "That is the Musk playbook," he said. Musk didn't immediately respond to a request for comment from Business Insider. While Musk's America Party is his reaction to President Donald Trump's sprawling spending bill, which will likely add to the national deficit and which Musk has repeatedly criticized, he earlier described his new party as one that would represent voters in the middle of the political spectrum. Breaking the two-party system is a tall order. None of the many previous attempts have come close. Theodore Roosevelt's Progressive Party garnered 27% of the vote in 1912, and Ross Perot took in 19% of the vote in 1992 as an independent before forming the Reform Party for his 1996 bid. But Musk is not one to shy away from the difficult. "When something is important enough, you do it, even if the odds are not in your favor," Musk told "60 Minutes" in 2012. OpenAI's Sam Altman, with whom Musk is currently engaged in a legal battle, has put it another way. "Elon desperately wants the world to be saved. But only if he can be the one to save it," Altman said in a 2023 interview. When challenges arise at one of Musk's companies, he "goes all in on it," Andy Wu, an associate professor of business administration at Harvard Business School, previously told BI. Musk founded SpaceX a decade earlier, easily his most ambitious project, investing $100 million of his own fortune despite having no experience in aerospace engineering. With its reusable rockets, SpaceX overtook legacy aerospace giants to become the dominant launch provider for astronauts, satellites, and commercial payloads. Musk says his goal is to make space travel more accessible and to give life on Earth an option should the human race face extinction at home. "I've said I want to die on Mars — just not on impact," Musk said during a 2013 keynote at South by Southwest. Musk became an early investor in Tesla to tackle another problem he viewed as important: the environmental impact of fossil fuels. In 2006, before he became CEO, he wrote he was funding the company to "help expedite the move from a mine-and-burn hydrocarbon economy towards a solar electric economy." While Musk went on to create the most profitable EV company in the world, it has more recently struggled as Musk's foray into government impacted the brand and confounded investors. Even The Boring Company, which Musk founded in 2017 to dig tunnels for underground transport, was born from Musk's frustration with Los Angeles traffic. "Traffic is driving me nuts," Musk posted in December 2016. "Am going to build a tunnel boring machine and just start digging..." The Boring Company has since completed four operational tunnels in Las Vegas that are open to the public, while other proposed projects, such as a high-speed tunnel in Chicago and a Washington-to-Baltimore hyperloop, have been shelved. Musk's acquisition of Twitter in 2022 was a big swing — a $44 billion one, to be exact — to address another complex issue Musk saw as important. In the wake of the pandemic and civil rights unrest, Musk said he worried that the freedom to say anything you wanted was at risk. Buying Twitter was his solution. "This is a battle for the future of civilization," he said on Twitter in 2022 after acquiring it, six months before he rebranded it as X. "If free speech is lost even in America, tyranny is all that lies ahead." Musk has also voiced concerns about the future of artificial intelligence. He's gone to war with OpenAI CEO Sam Altman over that company's attention to its mission, which Musk helped craft as an early cofounder: to develop artificial general intelligence in a way that benefits humanity. Musk sees AGI as an existential threat, and said it is one of the reasons he founded xAI, the startup behind the Grok chatbot, in 2023. "I'm going to start something which I call TruthGPT or a maximum truth-seeking AI that tries to understand the nature of the universe," Musk told Fox News in 2023, adding that xAI "might be the best path to safety" that would be "unlikely to annihilate humans." AI is also part of his stated reasoning for founding Neuralink, which designs brain chips so humans can interact with computers. The chip is now in trials and used by a handful of disabled patients, who use it to more easily communicate, operate computers, or play video games. Musk has said that the ability for humans to integrate directly with machines can help ensure human control of AI. He said in a 2021 podcast appearance that he created Neuralink "specifically to address the AI symbiosis problem, which I think is an existential threat." Musk may not be able to apply the same strategy to solving massive political challenges, said Sonnenfeld, the Yale professor, who's also the founder of Yale's Chief Executive Leadership Institute. "He is great as a technology creator and entrepreneur, but not great in turnarounds and has been quite ham-handed in government, if not brutally offensive," Sonnenfeld said. With his efforts at the Department of Government Efficiency, Musk set out to cut what he described as fraudulent or excessive spending. The group's cost-cutting efforts spurred widespread layoffs across federal departments — actions that drew backlash from some on the political left. In the spring, Musk said that DOGE had been effective, though not to the degree he'd hoped. The spending cuts so far have fallen short of the initial target of slashing $2 trillion from federal outlays. There are signs that Musk, whose plans for a new party attracted support from Mark Cuban among others, is open to taking a measured approach with his latest political play. Musk said on Sunday that while the America Party may consider "backing a candidate for president" down the line, its main focus "for the next 12 months is on the House and the Senate." Sonnenfeld said that Musk doesn't appear to have the skills and diplomacy needed to build his party, adding that the reaction among many investors and consumers to his political efforts has been "overwhelmingly negative." "He's a brilliant technologist and an entrepreneur who doesn't know his limits — and he has them," Sonnenfeld said. Read the original article on Business Insider
CNET
an hour ago
- CNET
Score This Roku Security Camera 2-Pack for a Record Low of $30 This Prime Day
Amazon Prime Day is with us in less than 24 hours, and this shopping event lasts until July 11. This major shopping event brings with it many discounts on tech, home goods and other devices that can help you get things done, and even amount to savings on home security tech that can help you keep your packages, home, children and pets safe while you're busy. We've spotted this Roku indoor security camera two-pack for a record low of $30, which saves you $25 over its usual price. Considering its low price, we suggest acting fast to secure this deal if it's of interest to you. This Roku indoor camera kit includes 2 cameras you can use with or without a wire. It offers both Wi-Fi and Bluetooth connectivity and includes a simple design that blends seamlessly in your your baby's room or other parts of your home. You can connect to these cameras while you're away to check your pets as you work, run errands or visit loved ones. They're also great to use as baby monitors while you need to wash dishes or at night. Hey, did you know? CNET Deals texts are free, easy and save you money. Though they look simple, Roku's indoor cameras offer night vision, support for 1080p resolution, 2-way audio and motion detection. It's also compatible with Alexa, Roku Voice and Google Assistant if you want to experiment with voice controls. To get more features, you can also get an option subscription to Roku Smart Home (sold separately). Our dedicated shopping team has also compiled a list of the best home security cameras so you can compare before you shop. We're also going to be on the lookout for every possible Prime Day deal so you can keep saving. James Martin/CNET Amazon Prime: 30-day free trial See at Amazon Prime Day requires an Amazon Prime membership, though you don't have to be a paying member to get in on the savings. Start your 30-day Prime free trial now and you'll be able to shop the best deals without paying for a subscription -- just remember to cancel before it renews. See at Amazon Best July Prime Day Deals 2025 CNET's team of shopping experts have explored thousands of deals on everything from TVs and outdoor furniture to phone accessories and everyday essentials so you can shop the best Prime Day deals in one place. See Now Why this deal matters Roku's indoor cameras are packed with features such as night vision and 2-way audio, and you can now score them for their lowest-ever price of $30 if you have Amazon Prime. Not only is this a bargain on cameras that can help you keep an eye on your home, buying now could help you avoid potential tariff-related price increases that could affect electronic goods.
