Google is taking a big step to fight against the attempts of its users.
In the company's security blog, Google Product Manager or Account Security, Jonathan Skelker, announced that the search giant will begin to block the account's login from application-embedded browsers.
The problem with integrated browsers, as Skelker states, is that it leaves Google users susceptible to bad actors' phishing attacks.
Previously, external developers could add web browser instances, such as the Chromium Embedded Framework, to their applications. This allows users to log in to a service with their existing Google account without having to sign up to obtain a new account on a new platform.
While integrated browsers may have made it easier for a user of the application to register or log in, it also made it simpler for a hacker to carry out a phishing attack. Malicious actors can use built-in browser frames to actually look for an unsuspecting user and steal their login credentials.
Unfortunately, Google can differentiate between legitimate logins and a phishing attack through embedded browser frameworks. Because of this, the company has decided to completely ban this login method.
The company is a developer of integrated browsers to switch to browser-based OAuth authentication. Basically, when a user wants to log in to a third-party application using their Google account, the application will open the Google login page through their mobile browser. This way, users can see the URL of the site to make sure it is a legitimate Google page and not an impostor of phishing sites.
Google will begin to block sign-ins from embedded browser frames in June.