fbpx

Chrome was hiding another major zero-day flaw

Users of Google Chrome have been warned to watch their security protection following the uncovering of a new zero-day in the popular browser.

Security researchers from Kaspersky have detected a new vulnerability that can hijack a user’s browser to inject malware that could lead to their entire system being put at risk.

The attack targets users of the Korean-language version of Chrome, both in South Korea and overseas, potentially leaving millions of customers at risk.

Exploit

The attack used a waterhole-style exploit to inject malicious JavaScript code into the Chrome main page. This then uses a profiling script to analyse the victim’s system and user credentials to see if version 65 or later of Chrome is installed.

The researchers say that the attack, which it named Operation WizardOpium, bears a number of similarities to the hugely damaging Lazarus attacks which swept the globe last year.

“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

Kaspersky says it has informed Google of its findings, and a patch has been released. The company is urging users to install the patch as soon as possible and ensure their security software remains updated to the latest version.

Article source:

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)

Scroll to Top