2 min Security

Chrome 128 gives trusted web apps access to USB ports

Chrome 128 gives trusted web apps access to USB ports

Google Chrome gets a feature that allows trusted web apps to access USB ports. Apps will also be trusted with USB devices that were previously always excluded from this feature for security reasons.

There will be a change to the WebUSB API so that isolated web apps can access the USB port of laptops and computers without restrictions. Similarly, they will also be able to access connected USB devices.

Broader access

Chrome is building security on USB access to prevent hackers from forwarding infected code to steal users’ data. An upcoming change for the Chrome Web browser will simplify access. As a result, isolated web apps will gain access by default and will not have restrictions imposed on them. Previously, such restrictions applied to audio (devices), Human Interface Devices (HID), mass storage, smart cards, video (devices), and wireless controllers.

Security keys deployed for multifactor authentication, such as YubiKeys, also appear to become accessible. These devices are on the blocked devices list, which is another degree higher than devices on the restricted access list.

Isolated web apps

The apps that gain access are not hosted on live web servers but packaged in web bundles. Typically, these are corporate apps that were designed by company developers and can only be accessed by employees. A final condition imposed by Google is that the app must have access to the “usb-unrestricted” policy feature.

Chrome 128 should include the feature. This version launches in August.

Tip! ‘Substantial risk of malicious extensions in Chrome Web Store’