Google Chrome to include protection from man-in-the-middle attacks
Sasha Perigo, a former Google Intern, has developed a man-in-the-middle (MitM) attack protection mechanism which will be integrated into Google Chrome from version 63. A MitM attack is where a person or an automated piece of software attempts to route another person’s incoming and outgoing traffic via themselves. A basic example would be someone with nefarious intent connecting to the same open WiFi hotspot (e.g. café WiFi) as you and collecting your unencrypted traffic. A more advanced attack would involve malware installed on your computer or router, or if they had created a fake hotspot at a café where they masquerade as a genuine WiFi hotspot.
The more advanced examples above can allow the third party to intercept encrypted SSL transmissions and attempt to decrypt the information using the SSL key. As software tries to decrypt and re-encrypt a connection, they often cause SSL errors which Chrome can detect. A warning screen will pop up alerting users that there appears to be someone snooping their traffic. Some virus scanners and firewalls can also trigger the warning, depending on how they handle encrypted traffic.