Google has been alerted to a new “high” level flaw in its Chrome browser and is now urging users to update to fix it.
The new vulnerability is part of a pattern with Chrome’s V8 JavaScript engine, which has become “especially attractive to real-world attackers,” a Google cybersecurity expert has warned.
In simple terms, the recently discovered flaw in Chrome allows hackers to take control of your browser through malicious code hidden inside a spoofed HTML web page.
The alert comes amid a summer of catastrophic global hacks, including the Independence Day “RockYou2024” leak in July, which exposed a staggering 10 billion passwords to cybercriminals, and a massive breach of Social Security numbers in the United States.
Microsoft’s Threat Intelligence Center has alerted rival Google, the search engine, to a new “high” level flaw in its Chrome browser (logo above). Google is now urging users to update the fix
If the new exploit is successful, it could be used to steal passwords from Chrome’s Google Password Manager, credit card “autofill” information, and more, all before a Chrome user even suspects their system has been compromised.
“V8 bugs often allow the construction of unusually powerful exploits,” according to Samuel Groß, a member of Google’s Project Zero security research team.
Gross proposed A detailed V8 sandbox to resolve all these kinds of bugs and help protect Google Chrome’s V8 software, which interacts directly with JavaScript — a coding language that has been popular on the web but is notoriously vulnerable to hackers.
This V8 sandbox went live last April, but unfortunately for many, it will only work with PCs and laptops that have at least a 64-bit processor.
‘The V8 Sandbox requires a 64-bit system as it needs to reserve a large amount of virtual address space,’ Groß said. Hacker News‘currently one terabyte.’
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) first reported the new V8 flaw on August 19, 2024.
According to Google, the issue was fixed two days later and is now available in the latest Chrome updates.
Precisely how this problem with V8 can be cleverly exploited by hackers remains a closely guarded secret by the tech giant, in part to protect its user base who have not updated their browsers.
The cash reward owed to MSTIC and MSRC for discovering the vulnerability has not yet been determined, according to Google Chrome version update On Wednesday.
To update Chrome on your computer, first open the browser and click on the three vertically aligned dots in the top right corner of the browser.
From there, go to the “Help” menu and click “About Chrome.” The new page will show you the latest updates and may update automatically, unless the device is a workplace computer that requires administrator privileges and IT support.
Once Chrome is updated, simply click “Relaunch” to complete the process.
