Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Google to block sign-ins from embedded browser frameworks
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Google to block sign-ins from embedded browser frameworks

starting January 4, 2021. This is going to affect some setups.

Just received this email message:

Hi,

We are writing to let you know that Google will discontinue support for sign-ins to Google accounts from embedded browser frameworks, starting January 4, 2021.

We are following up with you about a recent blog post outlining our effort to block less secure browsers and applications. We have not detected any traffic from your project that would be affected in the last 30 days. However, please take the time to review your use of Google Account authorization flows in the following Google OAuth client IDs and confirm that you are in compliance with the policy before January 4, 2021

Please refer to our blog post for more information about the policy enforcement and how to test your apps for potential impact. If necessary, you may request a [Policy enforcement extension request for embedded browser frameworks expiring June 30, 2021, by providing all required information.

Sincerely,

The Google Account Security Team

Comments

  • I honestly like the change; I hate it when a program doesn't use the installed browser,
    but I wonder how they'll implement it.

    Thanked by 1imok
  • With the prevalence of browser based attacks, I think this can only be good. I've seen enough defcon talk about attacking embedded devices, that I don't trust IoT devices basically at all. Including on my home network where I have a separate VLAN so they can spread their malware between eachother. It may suck for a few devs out there, but as a whole it get a thumbs up from me.

Sign In or Register to comment.