- Google issued ‘critical’ Chrome browser update in response to software bug
- Hackers were using the flaw to gain remote access to users’ computers.
- The hackers used an HTML page to entice users to click on it, opening malware.
- READ MORE: Hackers release NHS patient data after cyber attack
Google has urged millions of Chrome users to update their browsers after discovering a malicious attack that allows hackers to take control of computers.
The tech giant warned that cybercriminals are using malicious pop-ups or websites to gain access to an unsuspecting victim’s personal information.
A “critical” update has been deployed, which closes the loophole that makes your servers vulnerable to what is called a “zero-day” attack.
The name comes from the fact that a perpetrator found a weakness before the manufacturer, leaving zero days to fix the problem because the server was already compromised.
The update can be accessed in Google’s Chrome browser in the “Settings” section.
Google has released a ‘critical’ Chrome update to protect users from cyberattacks
Google confirmed that Russia, North Korea, Belarus and the People’s Republic of China had instigated many of the attacks.
Google reported that the flaw in all previous versions of Chrome “allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” but did not specify what the flaw was.
When a fake HTML page appears on the screen, it might look like a normal website, but instead, when the user clicks on it, a hacker could use remote access to gain control over the person’s computer.
The HTML page may also appear as a pop-up window that urges the user to download the latest antivirus software or the latest version of the browser, but instead installs software that allows the actors to steal the user’s personal data.
Google advises users to continually update their browsers to the latest version to ensure all security measures are up to date.
These updates mean you don’t have to pay for antivirus software because the new version of Chrome patches all pre-existing vulnerabilities.
To update Chrome, users should open the browser and click the three dots at the top right of the screen, then click “Settings.”
Hackers Gain Remote Access to Chrome User’s Personal Information Using HTML Page
There will be the option to click “About Chrome” on the left, where it will check for updates and download them.
Google has recommended that users keep automatic updates turned on so that critical security fixes and new features are added automatically when they become available.
The update comes after a analysis conducted by Mandiant and the Google Threat Analysis Group found that there were 87 zero-day attacks in 2023, up 50 percent from the previous year.
Google reported that hackers have expanded their reach to third-party sites and libraries for maximum impact, and because these sites offer more than one product, making them a prime target for hackers to exploit security flaws. of Chrome.
“We saw this theme recurring among threat actors of all motivations, looking for vulnerabilities in products or components that provided broad access to multiple choice targets,” a Google spokesperson said. tecradar.
Last year, security experts warned users not to download a new version of Chrome in a browser because it could contain malicious software.
In 2023, about 41 percent of attacks were carried out by espionage efforts, while another 41 percent were carried out by commercial surveillance providers and 17 percent were financially motivated, according to the analysis.
Google reported that about half of all attacks came from malicious actors in Russia, North Korea, Belarus, and China, and attributed 12 of the zero-day vulnerabilities to actors backed by the government of the People’s Republic of China (PRC).
“The actor showed specific interest in information of political or strategic interest to the government of the People’s Republic of China, directed at governments and global organizations in high-priority industries,” the analysis said.