Google has announced that in an attempt to enhance the protection provided on macOS devices, Chrome browser on the platform will soon start warning users actively when they try to visit "dangerous websites" or try to "download dangerous files." Further, the search giant has also discovered a bug in an antivirus app developed by ESET specifically for Mac users.
Firstly coming to the security warnings, Google says that Chrome's Safe Browsing is focusing on unwanted ad injection and manipulation of Chrome user settings (specifically the start page, home page, and default search engine). As per the search giant, its recently released Chrome Settings API for Mac provides users with more tools to ensure users have the control over their Chrome settings.
"From here on, the Settings Overrides API will be the only approved path for making changes to Chrome settings on Mac OSX, like it currently is on Windows. Also, developers should know that only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings," the company said in its blog post.
Essentially, Chrome will start warning users about the software that attempts to modify the Chrome settings without using the API.
Separately, researchers from Google have found a bug in ESET's Endpoint Antivirus 6 for macOS, which is meant to eliminate all types of threats, including viruses, rootkits, worms, and spyware, as per its product description, as pointed out in a report by The Next Web. As per the researchers, the bug in the antivirus allowed hackers to gain remote access to their devices exploiting the dated XML parsing libraries.
Particularly, the vulnerability in question is regarding outdated version of POCO XML parser library, which included code from the Expat XML Parser. The Expat XML parsing vulnerability allows for arbitrary code execution via malformed XML content.
With this, the hackers can intercept the requests made to the library and can respond with "self-signed HTTPS certificate".
Even though the bug was discovered in November last year, Google decided to give ESET enough time to fix the issue (which it has). Mac users who are still on previous versions are strongly advised to update their antivirus software from ESET's page.