Umlando omusha

I-SquareX Idalula “Ukuvumelanisa Kwesiphequluli”, Indlela Entsha Yokuhlasela Ebeka Izigidi Engcupheni

nge CyberNewswire6m2025/01/30

Kude kakhulu; Uzofunda

I-SquareX yembula indlela entsha yokuhlasela ebonisa ukuthi izandiso ezinonya zingasetshenziswa kanjani ukuduna ngokuphelele isiphequluli, futhi ekugcineni, lonke idivayisi. Ukuhlasela kuqala ngokuthi isisebenzi sifake noma yisiphi isandiso sesiphequluli. Isandiso sibe "buthule" siqinisekisa isisulu kuphrofayela ye-Chrome ephethwe i-Google Workspace yomhlaseli.

featured image - I-SquareX Idalula “Ukuvumelanisa Kwesiphequluli”, Indlela Entsha Yokuhlasela Ebeka Izigidi Engcupheni

I-PALO ALTO, USA, Januwari 30, 2025/CyberNewsWire/--SquareX idalula indlela entsha yokuhlasela ebonisa ukuthi izandiso ezinonya zingasetshenziswa kanjani ukugetshengwa ngokuphelele isiphequluli, futhi ekugcineni, yonke idivayisi.

Izandiso zesiphequluli bezilokhu zibekwe obala ezindabeni zokuphepha zebhizinisi muva nje ngenxa yegagasi lokuhlaselwa kwe-OAuth konjiniyela besandiso se-Chrome nokuhlaselwa kokukhishwa kwedatha.

Kodwa-ke, kuze kube manje, ngenxa yemikhawulo abathengisi besiphequluli abayibeka ohlelweni olungaphansi lwesandiso nezandiso, bekucatshangwa ukuthi akunakwenzeka ukuthi izandiso zithole ukulawula okugcwele kwesiphequluli, kancane kancane idivayisi.

IsikweleX abacwaningi u-Dakshitaa Babu, u-Arpit Gupta, u-Sunkugari Tejeswara Reddy kanye no-Pankaj Sharma baye bachitha le nkolelo ngokubonisa ukuthi abahlaseli bangasebenzisa kanjani izandiso ezinonya ukuze bakhulise amalungelo okuphatha isiphequluli esigcwele nokuthathwa kwedivayisi, konke ngokusebenzisana okuncane kwabasebenzisi.

Ngokubalulekile, isandiso esinonya sidinga kuphela amakhono okufunda/okubhala akhona kuningi lezandiso zesiphequluli ku-Chrome Store, okuhlanganisa amathuluzi okukhiqiza avamile afana ne-Grammarly, Calendly ne-Loom, eqeda amandla abasebenzisi ekunikezeni lezi zimvume.

Lesi sambulo siphakamisa ukuthi cishe noma yisiphi isandiso sesiphequluli singasebenza njenge-vector yokuhlasela uma sidalwe noma sithathwe umhlaseli. Ngokuqonda kwethu okuhle, izandiso ezithunyelwe eSitolo se-Chrome zicela lawa makhono akwenziwa ngokuhlolwa okwengeziwe kokuphepha ngesikhathi sokubhala.

Ukuhlasela kokuvumelanisa isiphequluli kungahlukaniswa kube izingxenye ezintathu: ukuthi isandiso sengeza kanjani buthule iphrofayela ephethwe umhlaseli, sigebenga isiphequluli futhi ekugcineni sizuze ukulawula okugcwele kwedivayisi.

Ukudunwa kwephrofayela

Ukuhlasela kuqala ngokuthi isisebenzi sifake noma yisiphi isandiso sesiphequluli - lokhu kungase kuhilele ukushicilela leso esizenza ithuluzi le-AI noma ukuthatha izandiso ezikhona ezidumile okungenzeka zibe nezigidi zokufakwa sekuhlanganisweni.

Isandiso sibe "buthule" siqinisekisa isisulu kuphrofayela ye-Chrome ephethwe i-Google Workspace yomhlaseli. Konke lokhu kwenziwa ngendlela ezenzakalelayo efasiteleni elingemuva, okwenza yonke inqubo icishe ingabonakali kumuntu ohlukunyeziwe.

Uma lokhu kuqinisekisa sekwenzekile, umhlaseli unokulawula okugcwele phezu kwephrofayela esanda kuphathwa esipheqululini sesisulu, okubavumela ukuthi baphushe izinqubomgomo ezizenzakalelayo ezifana nokukhubaza ukuphequlula okuphephile nezinye izici zokuphepha.

Ngokusebenzisa ukuhlasela kobunjiniyela bomphakathi okuhlakaniphe kakhulu okuxhaphaza izizinda ezithenjwayo, isitha singase sikhulise ukuhlasela kokudunwa kwephrofayili ukuze kwebe amaphasiwedi esipheqululini sesisulu. Isibonelo, isandiso esinonya singavula futhi siguqule ikhasi losekelo le-Google elisemthethweni lokuthi ungavumelanisa kanjani ama-akhawunti omsebenzisi ukuze utshele isisulu ukuthi senze ukuvumelanisa ngokuchofoza okumbalwa nje.

Uma iphrofayela isivumelanisiwe, abahlaseli banokufinyelela okugcwele kuzo zonke iziqinisekiso nomlando wokuphequlula ogcinwe endaweni. Njengoba lokhu kuhlasela kusebenzisa amasayithi asemthethweni kuphela futhi kungenazimpawu ezibonakalayo zokuthi kushintshiwe isandiso, ngeke kucuphe noma yiziphi izinsimbi zokuxwayisa kunoma yiziphi izixazululo zokuphepha eziqapha ithrafikhi yenethiwekhi.

Ukuthathwa Kwesiphequluli

Ukuze uzuze ekuthathweni kwesiphequluli esigcwele, umhlaseli udinga ukuguqula isiphequluli se-Chrome yesisulu sibe isiphequluli esiphethwe.

Iziqaphi zesandiso ezifanayo futhi zibambezela ukulanda okusemthethweni, njengesibuyekezo se-Zoom, futhi esikhundleni sako kufakwe okusebenzisekayo komhlaseli, okuqukethe ithokheni yokubhalisa nokufakwayo kokubhalisa ukuze kuguqule isiphequluli se-Chrome yesisulu sibe isiphequluli esiphethwe.

Ngokucabanga ukuthi badawunilode isibuyekezo se-Zoom, isisulu sisebenzisa ifayela, eligcina selifaka ukubhaliswa okuyalela isiphequluli ukuthi siphathwe i-Google Workspace yomhlaseli.

Lokhu kuvumela umhlaseli ukuthi athole ukulawula okugcwele phezu kwesiphequluli sesisulu ukuze akhubaze izici zokuphepha, afake izandiso ezinonya ezengeziwe, akhiphe idatha futhi aqondise kabusha abasebenzisi buthule kumasayithi obugebengu bokweba imininingwane ebucayi. Lokhu kuhlasela kunamandla ngokwedlulele njengoba ungekho umehluko obonakalayo phakathi kwesiphequluli esiphethwe nesingaphethwe.

Kumsebenzisi ojwayelekile, alukho uphawu olutshelayo lokuthi kukhushulwe ilungelo lenzekile ngaphandle kwalapho isisulu sazi ngokuvikeleka okuphezulu futhi siphuma endleleni ukuze sihlole izilungiselelo zesiphequluli sakhe njalo futhi sibheke izixhumanisi ne-akhawunti engaziwa ye-Google Workspace.

Ukudunwa Kwedivayisi

Ngefayela elifanayo elilandiwe ngenhla, umhlaseli angaphinda afake okufakiwe kokubhalisa okudingekayo kusandiso esinonya sokuthumela imilayezo kuzinhlelo zokusebenza zomdabu. Lokhu kuvumela isandiso ukuthi sihlanganyele ngokuqondile nezinhlelo zokusebenza zasendaweni ngaphandle kokuqinisekisa okwengeziwe.

Uma uxhumano seluqinisekisiwe, abahlaseli bangasebenzisa isandiso ngokuhlanganyela negobolondo lendawo nezinye izinhlelo zokusebenza zomdabu ezitholakalayo ukuze uvule ngokuyimfihlo ikhamera yedivayisi, uthwebule umsindo, urekhode izikrini futhi ufake isofthiwe enonya - ngokuyisisekelo unikeze ukufinyelela okugcwele kuzo zonke izinhlelo zokusebenza nedatha eyimfihlo. kudivayisi.

Ukuhlasela kokuvumelanisa isiphequluli kuveza iphutha elibalulekile endleleni amaphrofayili alawulwa kude neziphequluli eziphathwa ngayo. Namuhla, noma ubani angakha i-akhawunti yendawo yokusebenza ephethwe eboshelwe esizindeni esisha kanye nesandiso sesiphequluli ngaphandle kwanoma yiluphi uhlobo lokuqinisekisa umazisi, okwenza kungenzeki ukubalula lokhu kuhlasela.

Ngeshwa, amabhizinisi amaningi okwamanje awabonakali nhlobo esipheqululini - iningi alinazo iziphequluli eziphethwe noma amaphrofayili, futhi noma yikuphi ukubonakala kwezandiso ezifakwa abasebenzi ngokuvamile ngokusekelwe kumathuluzi athrendayo nezincomo zenkundla yezokuxhumana.

Okwenza lokhu kuhlasela kube yingozi kakhulu ukuthi kusebenza ngezimvume ezincane futhi cishe akukho ukuxhumana nabasebenzisi, okudinga kuphela isinyathelo esicashile sobunjiniyela bezenhlalo kusetshenziswa amawebhusayithi athembekile - okwenza kucishe kungenzeki ngezisebenzi ukuzibona.

Ngenkathi izehlakalo zakamuva ezinjengokwephulwa kweCyberhaven sezibeke engcupheni amakhulu, uma kungezona izinkulungwane zezinhlangano, lokho kuhlasela kwakudinga ubunjiniyela bomphakathi obuyinkimbinkimbi ukuze busebenze. Imvelo ecashile edabukisayo yalokhu kuhlasela - okunomkhawulo ophansi kakhulu wokusebenzelana nabasebenzisi - akwenzi nje lokhu kuhlasela kube namandla kakhulu, kodwa futhi kunikeza ukukhanya okungenzeka ukuthi izitha sezivele zisebenzisa le nqubo ukuze zifaka engozini amabhizinisi namuhla.

Ngaphandle uma inhlangano ikhetha ukuvimba ngokuphelele izandiso zesiphequluli ngokusebenzisa iziphequluli eziphethwe, ukuhlasela kokuvumelanisa isiphequluli kuzoludlula ngokuphelele uhlu oluvinjelwe olukhona kanye nezinqubomgomo ezisuselwe kuzimvume.

Umsunguli we-SquareX Vivek Ramachandran uthi “Lolu cwaningo ludalula indawo eyimpumputhe ebalulekile kwezokuphepha kwebhizinisi. Amathuluzi okuvikela endabuko awakwazi nje ukubona noma ukumisa lokhu kuhlasela okuyinkimbinkimbi okusekelwe kusiphequluli. Okwenza lokhu kutholwa kwethuse kakhulu indlela ezikhalisa ngayo izandiso zesiphequluli ezibonakala zimsulwa zibe amathuluzi okuthatha idivayisi aphelele, sonke ngesikhathi sindiza ngaphansi kwe-radar yezinyathelo zokuphepha ezivamile njenge-EDRs kanye ne-SASE/SSE Secure Web Gateways. Isixazululo Sokuthola Isiphequluli-Impendulo akuseyona nje inketho - kuyisidingo. Ngaphandle kokubonakala nokulawula ezingeni lesiphequluli, izinhlangano empeleni zishiya umnyango wazo wangaphambili uvulekele kubahlaseli. Le nqubo yokuhlasela ibonisa ukuthi kungani ukuphepha kudinga 'ukushintshela phezulu' lapho izinsongo zenzeka khona ngempela: esipheqululini ngokwaso."

I-SquareX ibiqhuba ucwaningo lwezokuphepha oluphambili ekwandisweni kwesiphequluli, okuhlanganisa nenkulumo ye-DEF CON 32 Izandiso Ezikhohlisayo: Abaculi be-MV3 Escape eyembule izandiso ezinonya eziningi ezithobela i-MV3.

Leli thimba labacwaningi liphinde laba ngelokuqala ukuthola nokudalula Ukuhlasela kwe-OAuth konjiniyela besandiso se-Chrome isonto elilodwa ngaphambi kwe- Ukwephulwa kweCyberhaven . I-SquareX nayo yayinesibopho sokutholwa kwe I-Last Mile Reassembly ukuhlaselwa, ikilasi elisha lokuhlaselwa kohlangothi lwamakhasimende elisebenzisa amaphutha ezakhiwo futhi lidlule ngokuphelele zonke izixazululo zeSecure Web Gateway.

Ngokusekelwe kulolu cwaningo, isisombululo sokuqala se-SquareX Sokutholwa Kwesiphequluli Nempendulo sivikela amabhizinisi ekuhlaselweni okuthuthukisiwe okusekelwe ekwandiseni okuhlanganisa nemizamo yokudunwa kwedivayisi ngokwenza ukuhlaziya okuguquguqukayo kuwo wonke umsebenzi wokunwetshwa kwesiphequluli ngesikhathi sokusebenza, ukuhlinzeka ngamaphuzu engcuphe kuzo zonke izandiso ezisebenzayo kulo lonke ibhizinisi futhi ngokuqhubekayo ukuhlonza noma yikuphi ukuhlaselwa okungenzeka babe sengozini yakho.

Ukuze uthole ulwazi olwengeziwe mayelana nokuhlasela kokuvumelanisa isiphequluli, okunye okutholakele kulolu cwaningo kuyatholakala kokuthi sqrx.com/research .

Mayelana ne-SquareX

IsikweleX isiza izinhlangano ukuthi zithole, zinciphise futhi zifune ukuhlasela kwewebhu ohlangothini lweklayenti okwenzeka kubasebenzisi bazo ngesikhathi sangempela.

Isixazululo sokuqala se-SquareX's industry-first Browser Detection and Response (BDR), sithatha indlela egxile ekuhlaseleni kwezokuphepha kwesiphequluli, siqinisekisa ukuthi abasebenzisi bebhizinisi bavikelekile ezinsongweni ezithuthukile njengamakhodi anonya e-QR, ubugebengu bokweba imininingwane ebucayi esipheqululini, uhlelo olungayilungele ikhompuyutha olusekelwe ku-macro kanye ne-malware. okunye ukuhlasela kwewebhu okuhlanganisa amafayela anonya, amawebhusayithi, imibhalo, namanethiwekhi onakalisiwe.

Ukwengeza, nge-SquareX, amabhizinisi anganikeza osonkontileka nezisebenzi ezikude ngokufinyelela okuphephile kuzinhlelo zokusebenza zangaphakathi, i-SaaS yebhizinisi, futhi iguqule iziphequluli kumadivayisi e-BYOD / angalawulwa zibe izikhathi zokuphequlula ezithenjwayo.